Principal Analyst - Responsible AI (Remote)

DescriptionUnited's Digital Technology team is comprised of many talented individuals all working together with cutting-edge technology to build the best airline in the history of aviation. Our team designs, develops and maintains massively scaling technology solutions brought to life with innovative architectures, data analytics, and digital solutions. Job overview and responsibilitiesThe Principal Architect - Responsible Artificial Intelligence validates that our services, applications, and websites are designed and implemented in accordance with United's secure development and responsible AI standards.The Principal Architect is a senior level position that works closely with development teams, product teams, and other teams across the organization to integrate security into the product lifecycle from design, deployment, and recurring testing. The Principal Architect is a recognized subject matter expert in defining security requirements, performing application assessments, and providing application teams with remediation guidance and advice. On any given day, the Principal Architect for Responsible AI can be pulled in to evaluate a new system, review a proposed application change, or provide guidance on application security/coding best practices.• Leads responsible architecture design evaluations and threat modelling of our products (both bought and built)• Recommends and implements products/services that support operational needs and responsible AI requirements• Promotes and contributes to the continuous improvement of our Responsible AI strategy through accurate, reusable documentation and education materials• Perform code analysis of applications, manually and using SAST, DAST, and SCA scanning solutions as well as conducting manual vulnerability analysis• Technical point of contact for product teams as it relates to Responsible AI at United• Sought out as a trusted advisor/consultant and assists in the creation of security designs, requirements, risk monitoring and mitigation guidance in alignment with industry best practices and regulatory requirements• Assist in leading the design, definition and implementation of security best practices and standards and ensure product development teams understand themQualificationsWhat's needed to succeed (Minimum Qualifications):• Bachelor's degree in STEM, Computer Science, or related field• Minimum of 9 years of experience in related field• Deep understanding of Generative Artificial Intelligence and its associated risks• Ability to collaborate with development teams to build secure solutions, communicating risks and bringing consensus to diverse priorities• Knowledge of common vulnerabilities and attack vectors against a GenAI model such as prompt attacks, training data extraction, and data poisoning• Assessment, risk categorization, and application security testing tools• Excellent problem solving, critical thinking, interpersonal, collaboration, written and verbal communication skills• Knowledge of the fast-evolving industry standards, best practices, and reference architectures• Solid understanding of secure network and system design in both cloud and conventional environments, as well as of network and web related protocols• Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment• Ability to work independently and self-motivate• Ability to strategically evaluate SaaS providers and their data storage policies• Must be legally authorized to work in the United States for any employer without sponsorship• Successful completion of interview required to meet job qualification• Reliable, punctual attendance is an essential function of the position• Must be available for domestic travel approximately 10-20% annuallyWhat will help you propel from the pack (Preferred Qualifications):• Master's degree• Certified Ethical Hacker (CEH)• GIAC Security Essentials (GSEC)• Certified Information Security Manager (CISM)• Comp TIA Security +• Certified Information Systems SecurityProfessional (CISSP)• Certified Information Systems Auditor (CISA)• Systems Security Certified Practitioner (SSCP)• CompTIAAdvanced Security Practitioner (CASP+)• Offensive Security CertifiedProfessional (OSCP)• Minimum of 12 years of experience in related field, including any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security, cloud computing• Thought leadership publishing within the Responsible AI or Generative AI categy• Familiar with waterfall and agile development processes and ability to integrate secure development practices into both models• Experience with multiple programming languages• Success in implementing effective Secure SDLC frameworks across a large corporation Apply tot his job