United Airlines Analyst - Application Security in Chicago, Illinois
We have a wide variety of career opportunities around the world — come find yours.
The United IT team designs, develops and maintains massively scaling technology solutions that are brought to life with innovative architectures, data analytics and digital solutions.
Job overview and responsibilities
The Analyst – Application Security is responsible for supporting the daily operations of United’s Application Security program. The main focus of this role will be managing and testing the web application firewall (WAF) that protects United’s external applications. In this role this person will act as a liaison between United and WAF vendors to test and modify WAF rules.
Act as technical lead for managing and testing the web application firewall (WAF)
Creation, implementation, and management of WAF rules to ensure adherence with application security policies
Create and implement custom WAF signatures, alerting rules, and searches for review and investigation
Assist in reviewing proposed firewall, proxy, and other network infrastructure changes in order to determine the most restrictive rules, while still fulfilling the needs of the business
Work with Incident Response staff to identify and respond to common attack vectors and methods
Apply lessons learned from security events to create WAF rules and modify existing rules to block or alert on future activity
Gather and compile data from reports to deliver metrics on WAF results
Implement and test rules to recognize and block automated web scraping and attacks
Bachelor degree in Computer Science or a related field, or an equivalent combination of education, training, and/or experience related to this position
Good understanding of application security standards, frameworks, attack methods, and mitigation best practices (e.g., OWASP, SANS, NIST)
Familiarity with application security tools such as scanners, fuzzers, proxies, and scrapers
Ability to write scripts using bash, PowerShell, Python, Perl, etc.
Ability to translate technical details for all audiences
Technical writing and documentation skills
Excellent written and verbal communications skills
Understanding of complex project timelines
At least 3 years of IT experience, with at least one year in IT Security
Demonstrated experience working with Web Application Firewalls such as F5, Radware, Akamai, Fortinet, Sucuri, Imperva
Experience working within an SDLC for large and complex development teams
Candidate must currently have or meet the requirements to obtain a US Government SECRET security clearance
Must be legally authorized to work in the United States for any employer without sponsorship
Successful completion of interview required to meet job qualification
Reliable, punctual attendance is an essential function of the position
- CISSP and/or relevant SANS certifications
Equal Opportunity Employer – Minorities/Women/Veterans/Disabled/LGBT
Division: 47 Technology/IT
Function: Information Technology
Equal Opportunity Employer – Minorities/Women/Veterans/Disabled