United Airlines Analyst - Application Security in Chicago, Illinois

We have a wide variety of career opportunities around the world — come find yours.

Information Technology

The United IT team designs, develops and maintains massively scaling technology solutions that are brought to life with innovative architectures, data analytics and digital solutions.

Job overview and responsibilities

The Analyst – Application Security is responsible for supporting the daily operations of United’s Application Security program. The main focus of this role will be managing and testing the web application firewall (WAF) that protects United’s external applications. In this role this person will act as a liaison between United and WAF vendors to test and modify WAF rules.

  • Act as technical lead for managing and testing the web application firewall (WAF)

  • Creation, implementation, and management of WAF rules to ensure adherence with application security policies

  • Create and implement custom WAF signatures, alerting rules, and searches for review and investigation

  • Assist in reviewing proposed firewall, proxy, and other network infrastructure changes in order to determine the most restrictive rules, while still fulfilling the needs of the business

  • Work with Incident Response staff to identify and respond to common attack vectors and methods

  • Apply lessons learned from security events to create WAF rules and modify existing rules to block or alert on future activity

  • Gather and compile data from reports to deliver metrics on WAF results

  • Implement and test rules to recognize and block automated web scraping and attacks


  • Bachelor degree in Computer Science or a related field, or an equivalent combination of education, training, and/or experience related to this position

  • Good understanding of application security standards, frameworks, attack methods, and mitigation best practices (e.g., OWASP, SANS, NIST)

  • Familiarity with application security tools such as scanners, fuzzers, proxies, and scrapers

  • Ability to write scripts using bash, PowerShell, Python, Perl, etc.

  • Ability to translate technical details for all audiences

  • Technical writing and documentation skills

  • Excellent written and verbal communications skills

  • Understanding of complex project timelines

  • At least 3 years of IT experience, with at least one year in IT Security

  • Demonstrated experience working with Web Application Firewalls such as F5, Radware, Akamai, Fortinet, Sucuri, Imperva

  • Experience working within an SDLC for large and complex development teams

  • Candidate must currently have or meet the requirements to obtain a US Government SECRET security clearance

  • Must be legally authorized to work in the United States for any employer without sponsorship

  • Successful completion of interview required to meet job qualification

  • Reliable, punctual attendance is an essential function of the position


  • CISSP and/or relevant SANS certifications

Equal Opportunity Employer – Minorities/Women/Veterans/Disabled/LGBT

Division: 47 Technology/IT

Function: Information Technology

Equal Opportunity Employer – Minorities/Women/Veterans/Disabled