Principal Application Security Architect – Cloud & Enterprise Cyber Defense Leader (Remote/Hybrid) – United Airlines

Elevate Your Career with United Airlines – A Global Leader in Aviation and Cybersecurity

United Airlines isn’t just a world‑renowned carrier; it’s a vibrant, technology‑driven organization that connects millions of passengers across continents every day. Our mission goes beyond transporting people—we aspire to transport trust, safety, and innovation. As we continue to modernize our digital ecosystem, we need visionary security leaders who can embed robust cyber‑defenses into every line of code, every cloud service, and every customer‑facing application. If you are an experienced security architect who thrives on solving complex problems, influencing cross‑functional teams, and shaping an industry‑defining security strategy, the Principal Application Security Architect role is your next great adventure.

Why Join United’s Cybersecurity & Digital Risk (CDR) Team?

• Impact at Scale: Protect the data of millions of passengers, employees, and partners worldwide.
• Innovation Hub: Work with cutting‑edge technologies including cloud‑native platforms, micro‑services, AI‑enabled threat detection, and automated CI/CD pipelines.
• Hybrid Flexibility: Enjoy a work‑from‑home model with optional access to our modern remote office spaces—balance productivity with personal well‑being.
• Global Community: Join a diverse, inclusive workforce that celebrates different perspectives and fosters continuous learning.
• Career Acceleration: Clear pathways to senior leadership in security, enterprise architecture, and product development.

Key Responsibilities – What You’ll Own and Influence

Strategic Architecture & Threat Modeling

• Lead comprehensive security architecture reviews for new and existing applications, spanning both on‑premises and cloud environments (AWS, Azure, GCP).
• Develop and maintain threat models that anticipate adversarial tactics, techniques, and procedures (TTPs) aligned with MITRE ATT&CK and ISO/IEC 27001 standards.
• Translate high‑level risk assessments into actionable design recommendations that balance security, performance, and cost.

Secure Development Lifecycle (SDLC) Leadership

• Champion Secure SDLC practices across product, engineering, and DevOps teams, integrating security checkpoints into Agile sprints, Kanban flow, and Waterfall milestones.
• Define, evolve, and enforce secure coding standards, including OWASP Top 10, CWE‑25, and language‑specific guidelines (Java, .NET, Python, JavaScript).
• Automate security testing (SAST, DAST, SCA, IAST) within CI/CD pipelines, ensuring that vulnerabilities are detected early and remediated efficiently.

Hands‑On Application Security & Remediation Guidance

• Perform code reviews—both manual and tool‑assisted—to identify logic flaws, injection risks, insecure deserialization, and authentication weaknesses.
• Provide prescriptive remediation guidance to development teams, translating technical findings into clear, prioritized action items.
• Serve as the technical point of contact for product owners, engineers, and external vendors on security‑related inquiries, escalation handling, and incident response.

Security Governance, Policy, and Compliance

• Collaborate with Legal, Privacy, and Risk Management to align application security controls with regulatory frameworks such as PCI‑DSS, GDPR, CCPA, and NIST CSF.
• Contribute to the evolution of United’s security policies, standards, and reference architectures, ensuring they remain relevant in a rapidly changing threat landscape.
• Facilitate risk‑based prioritization workshops with senior leadership to allocate resources to the most critical security initiatives.

Mentorship, Training, and Community Building

• Design and deliver security awareness workshops, secure coding bootcamps, and threat‑modeling training sessions for cross‑functional teams.
• Mentor junior security analysts and architects, fostering a culture of continuous improvement and knowledge sharing.
• Participate in internal and external security communities, representing United at conferences, webinars, and industry working groups.

Essential Qualifications – The Baseline for Success

• Education: Bachelor’s degree in Computer Science, Information Security, or a related STEM discipline.
• Experience: Minimum 9 years of hands‑on application security experience, including at least 5 years in a senior or lead architect role.
• Technical Mastery: Deep understanding of OWASP Top 10, CWE‑25, and the ability to design and implement remediation strategies for complex codebases.
• Risk Assessment Skills: Proven ability to conduct application risk assessments, categorize threats, and communicate risk in business‑friendly language.
• Tool Proficiency: Expertise with SAST (e.g., Checkmarx, SonarQube), DAST (e.g., Burp Suite, OWASP ZAP), SCA (e.g., Snyk, Black Duck), and manual vulnerability analysis techniques.
• Cloud & Network Knowledge: Strong grasp of secure architecture for cloud platforms, container orchestration (Kubernetes, Docker), and traditional network security concepts.
• Collaboration & Communication: Exceptional written and verbal communication, capable of influencing diverse stakeholders and translating technical details into executive‑level summaries.
• Eligibility: Must be legally authorized to work in the United States without sponsorship.

Preferred Qualifications – What Sets an Exceptional Candidate Apart

• Master’s degree or equivalent advanced coursework in cybersecurity, cryptography, or a related field.
• Industry‑recognized certifications such as CISSP, CISM, OSCP, CEH, GSEC, CompTIA Security+, SSCP, CASP+, or CISA.
• 12+ years of cumulative experience spanning secure coding, threat modeling, identity and access management, cryptography, and cloud security engineering.
• Demonstrated success implementing Secure SDLC frameworks at enterprise scale (e.g., DevSecOps transformation).
• Hands‑on experience with application penetration testing, including exploitation of vulnerabilities and proof‑of‑concept development.
• Proficiency in multiple programming languages (Java, C#, Python, JavaScript/TypeScript, Go) and familiarity with both monolithic and micro‑service architectures.
• Experience working in regulated environments (PCI‑DSS, HIPAA, GDPR) and delivering audit‑ready documentation.

Core Skills & Competencies for High Performance

• Analytical Thinking: Ability to dissect complex systems, recognize subtle security gaps, and propose elegant, scalable solutions.
• Leadership Presence: Comfortable acting as a trusted advisor to senior executives and technical leads, driving consensus across competing priorities.
• Automation Mindset: Passion for embedding security controls into automated pipelines, reducing manual effort and increasing consistency.
• Adaptability: Thrive in a fast‑moving, globally distributed environment, balancing strategic vision with day‑to‑day tactical execution.
• Continuous Learning: Commitment to staying current with emerging threats, new standards, and evolving security technologies.

Career Growth, Learning & Development Opportunities

United Airlines believes that our people are our greatest asset. As a Principal Application Security Architect, you will have access to a robust portfolio of professional development resources, including:

• Executive‑level mentorship programs that pair you with senior security leaders.
• Sponsored certifications and tuition reimbursement for advanced degrees.
• Internal hackathons, capture‑the‑flag (CTF) events, and research labs to explore cutting‑edge security topics.
• Opportunities to represent United at global conferences such as RSA, Black Hat, and OWASP AppSec.
• Clear promotion pathways to Director of Application Security, Vice President of Cyber Defense, or Chief Information Security Officer (CISO) roles.

Work Environment & Culture – What It’s Like to Be Part of United

Our culture is built on three pillars: safety, collaboration, and curiosity.

• Safety First: Every decision is evaluated through a security lens, ensuring our passengers and employees enjoy peace of mind.
• Collaboration: Cross‑functional squads, open communication channels, and regular “security stand‑ups” foster a sense of collective ownership.
• Curiosity: Innovation is encouraged; you’ll have the autonomy to experiment, prototype new solutions, and share insights across the organization.

We support flexible work arrangements, provide ergonomic home‑office stipends, and maintain vibrant employee resource groups (ERGs) focused on mentorship, diversity, and inclusion.

Compensation, Perks & Benefits – The Total Rewards Package

• Competitive Salary: $126,225 – $185,130 annually, commensurate with experience, education, and market factors.
• Performance Bonus: Eligibility for annual discretionary bonuses based on individual and company performance.
• Equity & Retirement: 401(k) plan with company matching, plus potential stock purchase opportunities.
• Health & Wellness: Comprehensive medical, dental, vision, life, accident, and disability coverage.
• Work‑Life Balance: Generous paid time off, paid holidays, parental leave, and flexible scheduling.
• Travel Perks: Employee flight privileges for personal and family travel, plus discounted airline merchandise.
• Learning Resources: Access to online learning platforms, conference budgets, and internal knowledge‑sharing forums.

Commitment to Diversity, Equity & Inclusion

United Airlines is an equal‑opportunity employer. We celebrate the richness of diverse backgrounds, perspectives, and experiences. All qualified applicants will receive consideration without regard to race, color, religion, gender identity, sexual orientation, national origin, disability, veteran status, or any other characteristic protected by law. If you require a reasonable accommodation to apply for or interview for this role, please contact [email protected].

Ready to Soar? Apply Today!

If you’re passionate about shaping the future of aviation security, eager to mentor the next generation of security talent, and motivated to make a global impact, we want to hear from you. Click the link below to submit your application, and let’s embark on this journey together.

Apply Now – Join United Airlines’ Cybersecurity Dream Team

United Airlines – Connecting People, Uniting the World, Safeguarding the Future.