Director - Security Incident Response United Airlines
Chicago, IL

Job Description

Director - Security Incident Response

Req #: WHQ00015140-NR

Location: Chicago, IL US

Job Category:Information Technology

Join the Security, Risk and Compliance team and lead the way in protecting United Airlines from Cyber threats and assisting with remaining compliant to regulatory requirements. We are looking for proactive team players that can focus on providing clear direction for the secure delivery of technology, the active identification of risks and the rapid response to threats.

Job overview and responsibilities

United Airlines Security Risk and Compliance team is seeking a dynamic leader to help grow its Cyber Security Incident Response team (CSIRT) and Recovery team. Reporting into the Managing Director of Security Operations, the Director of CSIRT and Incident Response acts as the 24/7 focal point for security incident management within the Enterprise, often required to lead the appropriate response and actions, normally with multiple platforms, vendors, and support groups. The Director will lead a team of security professionals who's core function is to provide continuous cybersecurity incident intake, triage, investigative response and data analysis services for the Enterprise as well as running coordinated Table Top Exercises. The Director provides leadership and guidance and acts as a primary contact for senior management across enterprise and the evaluation, development, implementation, and monitoring of information security strategies and tools, for effective response.

* Establishes and governs security event detection and cyber threat response and recovery capabilities and serves as the subject matter expert regarding all information security incident responses for the enterprise


* Provides governance for and leads the information security response process; directs the response to escalated security events and drives the security incident response process


* Leads the evaluation, development, and implementation of security standards, procedures, and guidelines for multiple system platforms across diverse application environments


* Works with other senior Digital and business leaders on potential data breaches and other cyber security incidents


* Works with cyber security groups to support Human Resources, Legal, and other key stakeholders while maintaining appropriate chain of custody


* Provides end-to-end problem management and root cause analysis for security incidents across the Enterprise


* Works with security analysts, penetration testers, and strategic partners to architect advanced solutions to address issues


* Develop a new dedicated cyber forensics program


* Performs and/or directs the independent analysis of complex problems and threats and provide clear and decisive mitigation strategies


* This includes emulation of threat actor activity based off tactics, techniques, and procedures identified by Threat Intelligence group


* Establish, maintain and execute all components of an incident response plan, from incident intake through root cause analysis, technical remediation analysis, and reporting


* Actively provides consistent communication to key IT and business stakeholders on metrics and measures and the potential of new threats


* Stays up to date on current attack risks and trends through independent and collaborative industry research


* Works with IT Leadership to proactively develop and monitor information security strategies to protect United airlines from existing and future threats.



Required

* Bachelor's degree in Computer Science or other technical field of study or 4 years of equivalent work experience
* In depth understanding of IR / CSIRT / Cyber Forensics process
* Proven experience with industry standard security technologies, such as SIEM tools, advanced endpoint detection technologies, open sourced investigative technologies, EDR Technologies, SOAR platform, and forensics technologies
* Proven experience applying information security principles to secure platforms and prevent threats
* Proven ability to interact effectively with senior business leadership to effectively resolve information security incidents when necessary
* Working knowledge of regulations (e.g., PCI, SOX, GDPR, etc.) and internal controls as they apply to IT based off of security frameworks (e.g., NIST CSF, COBIT, etc.)
* Strong understanding of malware in static and dynamic environments and mitigation strategies to protect against it
* Superior analytical and problem-solving skills and the ability to effectively communicate highly technical information to business leaders
* 8+ years of overall cyber security experience
* 4+ years of management experience leading a high performing team
* Demonstrated ability to attract and develop cyber security talent
* Strong verbal & written communication skills
* Strong critical thinking and group facilitation skills in large or complex problem settings
* Industry or sector leadership in designing and improving the field of Threat Management
* Change agent with ability to drive accountability & outcomes across a diverse threat landscape
* Solid technical background in computer systems and networks
* Proven ability to influence change and adoption of information security protocols and concepts
* Ability to work extremely well under pressure while maintaining a professional image and approach
* Strong business acumen & successful track record in aligning with peers
* A strong cross-functional team player with ability to lead and coach others in a matrix structure, across time zone and national boundaries
* Must be legally authorized to work in the United States for any employer without sponsorship
* Successful completion of interview required to meet job qualification
* Reliable, punctual attendance is an essential function of the position
* include everything under Other

Preferred

* One of the following certifications is a plus: CPTE, CPTC, GPEN, OSCP
* Experience working with NIST IR/CSF Framework
* Experience leading Incident Response teams in Transportation Industry
* Understanding of the MITRE attack framework



Equal Opportunity Employer - Minorities/Women/Veterans/Disabled/LGBT