Director - Security Incident Response

United Airlines Inc. - Chicago, IL

Join the Security, Risk and Compliance team and lead the way in protecting United Airlines from Cyber threats and assisting with remaining compliant to regulatory requirements. We are looking for proactive team players that can focus on providing clear direction for the secure delivery of technology, the active identification of risks and the rapid response to threats.

Job overview and responsibilities

United Airlines' Security Risk and Compliance team is seeking a dynamic leader to help grow its Cyber Security Incident Response Team (CSIRT) and Recovery team. Reporting to the Managing Director of Security Operations, the Director of CSIRT and Incident Response acts as the 24/7 focal point for security incident management within the Enterprise, often required to lead the appropriate response and actions, normally across multiple platforms, vendors, and support groups. The Director will lead a team of security professionals whose core function is to provide continuous cybersecurity incident intake, triage, investigative response and data analysis services for the Enterprise, as well as running coordinated Table Top Exercises. The Director provides leadership and guidance, acts as a primary contact for senior management across the enterprise, and oversees the evaluation, development, implementation, and monitoring of information security strategies and tools for effective response.

Establishes and governs security event detection and cyber threat response and recovery capabilities and serves as the subject matter expert regarding all information security incident responses for the enterprise
Provides governance for and leads the information security response process; directs the response to escalated security events and drives the security incident response process
Leads the evaluation, development, and implementation of security standards, procedures, and guidelines for multiple system platforms across diverse application environments
Works with other senior Digital and business leaders on potential data breaches and other cyber security incidents
Works with cyber security groups to support Human Resources, Legal, and other key stakeholders while maintaining appropriate chain of custody
Provides end-to-end problem management and root cause analysis for security incidents across the Enterprise
Works with security analysts, penetration testers, and strategic partners to architect advanced solutions to address issues
Develops a new dedicated cyber forensics program
Performs and/or directs the independent analysis of complex problems and threats and provides clear and decisive mitigation strategies
This includes emulation of threat actor activity based on tactics, techniques, and procedures identified by the Threat Intelligence group
Establishes, maintains and executes all components of an incident response plan, from incident intake through root cause analysis, technical remediation analysis, and reporting
Actively provides consistent communication to key IT and business stakeholders on metrics and measures and the potential of new threats
Stays up to date on current attack risks and trends through independent and collaborative industry research
Works with IT Leadership to proactively develop and monitor information security strategies to protect United Airlines from existing and future threats.

Bachelor's degree in Computer Science or other technical field of study or 4 years of equivalent work experience
In depth understanding of IR / CSIRT / Cyber Forensics process
Proven experience with industry standard security technologies, such as SIEM tools, advanced endpoint detection technologies, open sourced investigative technologies, EDR Technologies, SOAR platform, and forensics technologies
Proven experience applying information security principles to secure platforms and prevent threats
Proven ability to interact effectively with senior business leadership to effectively resolve information security incidents when necessary
Working knowledge of regulations (e.g., PCI, SOX, GDPR, etc.) and internal controls as they apply to IT, based on security frameworks (e.g., NIST CSF, COBIT, etc.)
Strong understanding of malware in static and dynamic environments and mitigation strategies to protect against it
Superior analytical and problem-solving skills and the ability to effectively communicate highly technical information to business leaders
8+ years of overall cyber security experience
4+ years of management experience leading a high performing team
Demonstrated ability to attract and develop cyber security talent
Strong verbal & written communication skills
Strong critical thinking and group facilitation skills in large or complex problem settings
Industry or sector leadership in designing and improving the field of Threat Management
Change agent with ability to drive accountability & outcomes across a diverse threat landscape
Solid technical background in computer systems and networks
Proven ability to influence change and adoption of information security protocols and concepts
Ability to work extremely well under pressure while maintaining a professional image and approach
Strong business acumen & successful track record in aligning with peers
A strong cross-functional team player with ability to lead and coach others in a matrix structure, across time zone and national boundaries
Must be legally authorized to work in the United States for any employer without sponsorship
Successful completion of interview required to meet job qualification
Reliable, punctual attendance is an essential function of the position

One of the following certifications is a plus: CPTE, CPTC, GPEN, OSCP
Experience working with NIST IR/CSF Framework
Experience leading Incident Response teams in Transportation Industry
Understanding of the MITRE ATT&CK framework

Equal Opportunity Employer – Minorities/Women/Veterans/Disabled/LGBT