Senior Analyst - Application Security Liaison United Airlines
Chicago, IL

Job Description

Senior Analyst - Application Security Liaison

Req #: WHQ00015825-JM

Location: Chicago, IL US

Job Category:Information Technology

We have a wide variety of career opportunities around the world - come find yours.

Technology/IT

The United IT team designs, develops and maintains massively scaling technology solutions that are brought to life with innovative architectures, data analytics and digital solutions.

Job overview and responsibilities

The Senior Analyst - Application Security is responsible for ensuring integration of cyber security into United's application development and software development lifecycles. They will spend time directly with developers performing detailed code reviews and explaining security deficiencies in programming techniques. They will work closely with development teams to remediate vulnerabilities detected during application scans and will carry out risk assessments of new and existing applications and application infrastructure to enhance United's cyber security posture.

* Review raw code of critical applications for vulnerabilities


* Conduct and manage application security testing


* Act as the key resource for development teams in the remediation of vulnerabilities discovered by Vulnerability Management, Application Security, or outside vendors


* Provide consultation services to development organizations and business units in the ideation phase to ensure secure application design


* Conduct proactive risk assessments of existing applications to identify new and novel vulnerabilities previously unknown


* Build simple and usable code artifacts that can be used in library form by many development teams



Required

* Excellent written and verbal communications skills
* Ability to offer reasonable remediation solutions to problems created by insecure code
* Ability to lead by example and influence change
* Technical writing and documentation
* Understanding of complex project timelines
* Good understanding of Information Security standards, frameworks, and best practices (e.g., ISO 2700X, OWASP, ITIL, CoBIT, SANS Top 20)
* Demonstrable experience with at least two of the following development languages: .Net, C#, Java, PHP, Objective-C, SQL, SOAP, REST, custom API, SAML
* Experience with at least one code security review tool: Fortify, WebInspect, Burp, AppScan
* Understanding and awareness of documentation required in a secure software development lifecycle
* Experience working with agile development groups
* Must be legally authorized to work in the United States for any employer without sponsorship
* Successful completion of interview required to meet job qualification
* Reliable, punctual attendance is an essential function of the position

Preferred

* A software-development related BS or BA degree is preferred - however, any combination of equivalent education, work experience, and formal training that allows the candidate to meet the requirements of the position is satisfactory
* CISSP and/or relevant SANS certifications are preferred

Equal Opportunity Employer - Minorities/Women/Veterans/Disabled/LGBT