
Senior Analyst – Application Security @ United

Chicago, IL, United States - (Temporarily Remote) | Posted 1 year, 1 month ago


The United IT team designs, develops and maintains massively scaling technology solutions that are brought to life with innovative architectures, data analytics and digital solutions.

Job overview and responsibilities 

As a security analyst you will help lead the effort to build a defensive security strategy that strengthens United’s application ecosystem.
We are looking for someone who is passionate about cyber security and eager to roll up their sleeves to put solutions in place to help protect our airline.

The ideal candidate will have a security-focused mindset and knowledge of security best practices across multiple technologies. They will help evaluate, implement, run, and troubleshoot application security tools that help developers produce more secure code. These efforts require being able to analyze the results of static and dynamic scans, bug bounty submissions, and pen testing to find patterns and provide remediation recommendations through specific technical direction or sample code. In addition to their main responsibility of optimizing United’s Application Security tooling, they will be called upon to assist on related projects which move our security efforts to more proactive engagement issues. This role will be supported by senior security engineers who will help guide, mentor and coach to support growth with technical expertise.

  • Conduct and manage dynamic and static code scans of United applications for security vulnerabilities.
  • Review results of scans to verify the accuracy of the findings.
  • Validate findings of dynamic scans.
  • Work with team members (Security and Release Management) to ensure quality of scans and reports.
  • Address questions from internal customers regarding scan processes, results, and remediation suggestions. 
  • Report metrics on application risk and vulnerability profile to leadership.
  • Ability to create quantitative business cases for enhancing security standards, processes and tools.
  • Act as a resource for development teams in the remediation of vulnerabilities discovered by Vulnerability Management, Application Security, or outside vendors
  • Conduct proactive risk assessments of existing applications to identify new and novel vulnerabilities.
  • Develop training and remediation materials on application security topics for developers
  • Keep up to date on application security topics so that the most current vulnerabilities are incorporated into application scans, risk profiles, and threat models, ensuring United is protected at the highest level.


  • BS/BA, preferably in a technical or scientific field or 5 years of equivalent experience, education or training. 
  • Good understanding of application security frameworks, standards, and best practices from OWASP, WASC, SANS, and other information security standards
  • Demonstrable experience with at least two of the following development languages: .Net, C#, Java, PHP, Objective-C, SQL, REST, SAML, Python, Swift
  • Experience with at least one code security review tool: Qualys, Veracode, Checkmarx, WhiteHat Sentinel, Tenable, Burp, etc.
  • Understanding and awareness of documentation required in a secure software development lifecycle
  • Ability to deliver ahead of or on milestones for project timelines
  • Excellent written and verbal communications skills
  • Ability to offer reasonable remediation solutions to problems created by insecure code
  • Ability to lead by example and influence change
  • Must be legally authorized to work in the United States for any employer without sponsorship
  • Successful completion of interview required to meet job qualification
  • Reliable, punctual attendance is an essential function of the position


  • A software-development related BS or BA degree
  • CISSP, SANS and/or relevant SANS certifications
  • Experience working with cross-functional agile development teams
  • Experience working with Fiddler and Postman to create requests. 
  • CISSP, SANS and/or relevant SANS certifications or strong demonstrated application of software security in code written by individual.