Principal Architect - It Security (Remote)

There’s never been a more exciting time to join United Airlines. We’re on a path towards becoming the best airline in the history of aviation. Our shared purpose – Connecting People, Uniting the World – is about more than getting people from one place to another. It also means that as a global company that operates in hundreds of locations around the world with millions of customers and tens of thousands of employees, we have a unique responsibility to uplift and provide opportunities in the places where we work, live and fly, and we can only do that with a truly diverse and inclusive workforce. And we’re growing – in the years ahead, we’ll hire tens of thousands of people across every area of the airline. Our careers include a competitive benefits package aimed at keeping you happy, healthy and well-traveled. From employee-run "Business Resource Group" communities to world-class benefits like parental leave, 401k and privileges like space available travel, United is truly a one-of-a-kind place to work. Are you ready to travel the world?

We believe that inclusion propels innovation and is the foundation of all that we do. United's Digital Technology team spans the globe and is made up of diverse individuals all working together with cutting-edge technology to build the best airline in the history of aviation. Our team designs, develops and maintains massively scaling technology solutions brought to life with innovative architectures, data analytics, and digital solutions.

Key Responsibilities:

The Principal Architect is a critical part of the overall Cyber Security Risk & Compliance (CSR) department who is accountable for ensuring all Enterprise class technology solutions are implemented and maintained in accordance with security best practices and organizational requirements.

The candidate will advocate, design, and implement processes and technology relating to information security, including security analytics and Blue/Purple team activities across entire organization; collaborates with the Information Technology groups and Audit/Risk groups to identify & prioritize risk components, and help implement appropriate controls.

• Provide domain expertise to various IT teams, Cyber Security Teams, and Threat Management teams
• Recognizes and identifies potential areas where existing security policies and procedures require change, or where new ones need to be developed, especially regarding future business expansion
• Ensure that security configurations of key systems are properly implemented, monitored and reported
• Conduct risk assessments in new and existing technologies. Provide information risk management consulting to technology teams
• Evaluate and recommend security software/hardware and its application
• Establishes alternative security measures if needed to support audit findings, known vulnerabilities, or disaster recovery efforts
• Ensure technology teams are made aware of security engineering and architecture projects that could be incorporated into business solutions
• Lead security investigations and provide forensics services in responds to security incidents.
• Ensure compliance with local regulations e.g. local encryption regulations and privacy laws
• Support Threat Management team daily Operational tasks

The Job Posting End Date is 03/01/2024

United values diverse experiences, perspectives, and we encourage everyone who meets the minimum qualifications to apply. While having the “desired” qualifications make for a stronger candidate, we encourage applicants who may not feel they check ALL of those boxes! We are always looking for individuals who will bring something new to the table!

What’s needed to succeed (Minimum Qualifications):

• BS degree Information Security
• 8 years of IT or Cyber Security experience
• Well-rounded understanding of technology, operations and key business processes
• Expertise in strategically maturing mobile programs encompassing personal devices, managed devices, and mobile applications. Proficient in devising comprehensive strategies to enhance mobile security, optimize device management, mobile application defenses.
• Contribute to Policy and Standards development as it related to mobile security. Orchestrate reporting processes for mobile security, ensuring alignment with industry-specific regulations, and standards.
• Experienced in bridging the gap between cybersecurity and the broader organization by collaborating closely to prescribe, communicate, and educate on mobile security controls. Leading the oversight responsibility to ensure the seamless and continuous implementation of these controls.
• Skilled in demonstrating Mobile Device Management (MDM), Mobile Threat Defense (MTD), Mobile Runtime Application Self-Protection (RASP), and other mobile security solutions, while seamlessly integrating them with a wide array of security and identity tools to establish a robust security ecosystems
• Experience in conducting mobile threat assessments to identify vulnerabilities and risks specific to mobile devices, applications, and networks.
• Strong organization skills
• Strong organizational change skills
• Highly flexible and able to adapt to change
• Strong problem solving and analytical capabilities
• Excellent written and verbal communication skills
• Strong influencing and negotiation skills
• Relevant Technical Skills
• Information Risk Management
• Content filtering technologies
• Application firewalls
• Vulnerability scanners
• LDAP
• Forensics software
• Security incident response
• Federation Services
• Directory Services
• CASB
• XaaS Security OWASP Top Ten to name some
• O/S: Linux (Red Hat, SUSE), Windows (2000/XP2003 Server), and UNIX
• Network: Firewalls, Proxy Servers, Reverse Proxy Servers, IPS, and SEIM
• Must be legally authorized to work in the United States for any employer without sponsorship
• Successful completion of interview required to meet job qualification
• Reliable, punctual attendance is an essential function of the position

What will help you propel from the pack (Preferred Qualifications):

• MS degree in Information Security
• College degree in related technical / business areas
• Certified Expert Mobile Security Professional (CEMP)
• Credentialed Mobile Device Security Professional (CMDSP)