United Airlines Director – Ethical Hacking in Chicago, Illinois

We have a wide variety of career opportunities around the world — come find yours.

INFORMATION TECHNOLOGY

The United IT team designs, develops and maintains massively scaling technology solutions that are brought to life with innovative architectures, data analytics and digital solutions.

Job overview and responsibilities

The Director of Ethical Hacking is a critical leader of the Cybersecurity Operations team. This is a leadership role that requires an individual with a strong technical background, as well as an ability to work with key stakeholders in IT, Security Risk & Compliance (SRC), and business groups. This role requires a person to have hands-on experience in Ethical Hacking so the individual is able to translate the IT-risk requirements and constraints within United Airlines into technical control requirements and program-based solutions, as well as develop metrics for ongoing team development, performance measurement, and reporting.

Expertise in leading Ethical Hacking teams and developing and managing projects is essential for success in this role. This role must be able to prioritize work efforts - balancing operational tasks with longer-term strategic cybersecurity efforts. Other project management tasks will include resource balancing across multiple teams, task prioritizing, and report.

  • Leadership with managing Ethical Hacking or Red Teams conducting in depth assessments and penetration tests against networks, endpoint, web/mobile application, IOT devices, etc. to find flaws and exploits.

  • Perform Hands-On Ethical Hacking tests of information systems (individually and with team) proficiently utilizing commercial and open source exploitation tools used for in depth manual testing - demonstrating solid understanding of web and mobile apps, networks, major operating systems, active directory, and technology used on airports \ airlines.

  • Develop, evaluate, and update required methodologies, standards, processes, procedures, assessment reports, and other departmental strategically and tactical documentation

  • Must demonstrate knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors

  • Must be able to critically examine an organization and system through the perspective of a threat actor and articulate risk in clear, precise terms

  • Develop budget projections based on short- and long-term objectives

  • Manage a staff of information security professionals, hire and train new staff, conduct performance reviews, and provide leadership and coaching, including technical and personal development programs for team members

  • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies and standards

  • Mature current Red-Team and work with other security operations teams to develop Purple-Team.

  • Design, coordinate and oversee security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks

  • Monitor and report on compliance related commitments and regulatory obligations

  • Provide security communication, awareness and training for audiences, which may range from senior leaders to field staff.

  • Engaging in security research to remain current on vulnerabilities and testing tools.

Qualifications

Required

  • A bachelor's degree in Science or Math

  • One or more current security certifications (e.g. CISSP, OSCP, GSEC, GPEN, GCFW, GWAPT, GAWN).

  • 2 -5 years of experience conducting internal and external penetration tests of information systems using commercial and open source exploitation tools.

  • A minimum of ten years of experience in information technology, with five years in an information security role and at least two years in a managerial capacity.

  • The ability to work on multiple projects concurrently and be committed to providing exemplary customer service.

  • Strong technical writing and presentation skills.

  • Must be legally authorized to work in the United States for any employer without sponsorship

  • Successful completion of interview required to meet job qualification

  • Reliable, punctual attendance is an essential function of the position

Preferred

· Masters degree in Information Security

· Certifications: OSCP, GPEN, OSCE

Equal Opportunity Employer – Minorities/Women/Veterans/Disabled/LGBT

Division: 47 Technology/IT

Function: Information Technology

Equal Opportunity Employer – Minorities/Women/Veterans/Disabled