United Airlines Analyst – Cyber Crisis Response in Chicago, Illinois

Analyst – Cyber Crisis Response

United Airlines is seeking talented people to join the IT Security, Risk, and Compliance team. This team helps to protect the information of our customers and employees and reduce business risk through strong security practices.

Job overview

Come join a leading information security team in the aviation sector to help protect our customers and employees!

The 'Analyst – Cyber Crisis Response' within our cyber Security Operations Center (SOC) is responsible for ensuring the company is ready to respond to cyber security incidents at any time, assisting a cross-functional team of Incident Response professionals, and helping the company through critical efforts to remediate cyber-attacks and computer intrusions. They are a key component of the company's cyber security posture: they keep leadership advised of current incident response engagements and past engagement performance, and keep the enterprise prepared for different cyber crisis scenarios.

If you're looking to further develop your skills through a variety of challenges and perform impactful work, this job is for you!

Job Responsibilities:

  • Coordinate and provide expert technical support to the enterprise-wide cyber security incident response team to resolve crisis-level cyber security incidents from initial detection through final resolution.

  • Create novel crisis incident response exercises and workshops to develop plans.

  • Engage with leadership throughout the IT division and business organizations to continuously enhance incident response plans & playbooks

  • Facilitate lessons learned meetings and generate reports on incident findings to appropriate stakeholders

  • Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support Cyber Security Incident Response Teams (CSIRT).

  • Maintain relationships with internal and external partners involved in cyber planning or related areas.

  • Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to assess possible threats to network security as needed.

Required:

  • A Bachelor's degree in a related field or any combination of equivalent education, work experience, and formal training that allows the candidate to meet the requirements of the position

  • Leadership skills and the ability to build relationships with partner teams

  • Understanding of complex process flows and decision matrices

  • Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

  • Ability to lead by example and influence change

  • Good understanding of Information Security standards, frameworks, and best practices

  • Experience working with IT infrastructure, development teams, and cyber security incident response teams.

The ideal candidate possesses three of the below experience items:

  • At least two years of experience with cyber security crisis and incident response

  • At least one year of experience leading tabletop and wargame exercises

  • Demonstrated success at managing projects between cross-functional teams, including translation of technical information into layman’s terms.

  • At least two years of experience building incident response plans/playbooks and defining process inputs and outputs

  • At least one year of experience administering SaaS-based systems.


  • A computer-science or cyber security related BS or BA degree is preferred

  • CISSP and/or relevant SANS certifications are preferred (i.e. GSEC)

  • Experience developing in Python and PowerShell is a bonus.

  • Skill in using security event correlation tools.

  • Skill in documenting and communicating complex technical and programmatic information.

  • Skill in preparing and presenting briefings.

  • Skill in utilizing feedback to improve processes, products, and services.

  • Skill to analyze and assess internal and external partner cyber operations capabilities and tools.

  • Ability to effectively collaborate via virtual teams.


  • Must be legally authorized to work in the United States for any employer without sponsorship

  • Candidate must currently have or meet the requirements to obtain a US Government SECRET security clearance

  • Successful completion of one or more interviews required to meet position qualifications

  • Reliable, punctual attendance at United’s World Headquarters in Chicago is an essential function of the position

Equal Opportunity Employer – Minorities/Women/Veterans/Disabled/LGBT




Division: 47 Technology/IT

Function: Information Technology
