Director of Application Cybersecurity – Remote Leadership Role in Secure Software Development & Automation (arenaflex)

Why arenaflex?

At arenaflex, we are on a bold journey to become the most innovative and trusted airline in the history of aviation. Our purpose—Connecting People, Uniting the World—goes far beyond moving passengers from point A to point B. It means creating a global network of opportunities, fostering inclusive growth, and delivering world‑class experiences to millions of travelers every day. As a technology‑driven organization, arenaflex invests heavily in cutting‑edge digital solutions, data‑centric platforms, and secure, scalable architectures that keep us ahead of the curve.

Our Digital Technology team spans continents, bringing together diverse talent that collaborates across time zones to build the future of air travel. We believe that a truly inclusive workforce fuels innovation, and we are committed to hiring, developing, and retaining top‑tier professionals who share our passion for excellence. If you thrive in a remote, high‑impact environment where your expertise directly shapes the safety and reliability of a global airline, arenaflex is the place for you.

Position Overview

The Director of Application Cybersecurity at arenaflex is a senior leadership role responsible for safeguarding all software applications that power our reservation systems, crew management tools, customer portals, and internal analytics platforms. Reporting to the Chief Information Security Officer (CISO), you will design, implement, and continuously improve a comprehensive application security program that blends verification, automation, and risk‑based decision making. This is a fully remote position with occasional travel (approximately 10% of the time) to corporate hubs, industry conferences, and partner sites.

Key Responsibilities

• Team Leadership & Development
  • Recruit, mentor, and retain a high‑performing team of application security engineers, analysts, and automation specialists.
  • Foster a culture of continuous learning by establishing training roadmaps, certification pathways, and knowledge‑sharing sessions.
  • Conduct regular performance reviews, set clear objectives, and align individual goals with arenaflex’s strategic security vision.
• Strategic Planning & Execution
  • Craft a multi‑year application security strategy that integrates secure‑by‑design principles, automated verification pipelines, and threat‑modeling frameworks.
  • Collaborate with product owners, DevOps, and architecture teams to embed security controls early in the software development lifecycle (SDLC).
  • Define measurable security KPIs (e.g., mean time to remediate, vulnerability density) and report progress to executive leadership.
• Policy & Procedure Governance
  • Develop, publish, and enforce robust security policies covering secure coding standards, static and dynamic analysis, dependency management, and incident response.
  • Maintain alignment with industry regulations (e.g., PCI‑DSS, GDPR, FAA cybersecurity mandates) and internal compliance frameworks.
  • Regularly audit policy effectiveness and update documentation to reflect emerging threats and technology shifts.
• Application Security Assessment
  • Lead periodic application penetration testing, code reviews, and automated scanning campaigns using tools such as SAST, DAST, IAST, and SBOM generators.
  • Prioritize remediation efforts based on risk impact, business criticality, and exploitability, ensuring rapid closure of high‑severity findings.
  • Coordinate with third‑party vendors to assess the security posture of external APIs and SaaS components integrated into arenaflex’s ecosystem.
• Security Architecture Review
  • Partner with the IT Architecture team to evaluate and harden the design of new applications, microservices, and cloud‑native workloads.
  • Recommend security controls such as zero‑trust networking, runtime application self‑protection (RASP), and container security best practices.
  • Drive adoption of secure infrastructure‑as‑code (IaC) templates and automated compliance checks.
• Awareness & Training Programs
  • Design and deliver engaging training modules that educate developers, QA engineers, and business stakeholders on OWASP Top 10, secure coding, and automated verification tools.
  • Run tabletop exercises and simulated breach scenarios to strengthen incident response readiness across the organization.
  • Maintain a knowledge base of security patterns, cheat sheets, and remediation guides accessible to all arenaflex employees.
• Incident Response & Forensics
  • Act as the subject‑matter expert for application‑related security incidents, guiding the response team through root‑cause analysis and containment.
  • Develop post‑incident reports that capture lessons learned, corrective actions, and improvements to preventive controls.
  • Collaborate with legal, compliance, and communications teams to ensure transparent reporting to regulators and customers when required.
• Regulatory & Compliance Management
  • Stay current on evolving regulatory landscapes, including aviation‑specific cybersecurity mandates, and translate requirements into actionable controls.
  • Lead internal audits and external assessments, providing evidence of compliance and addressing any identified gaps.
• Risk Assessment & Mitigation
  • Conduct comprehensive risk assessments for new and existing applications, quantifying potential business impact and recommending mitigation strategies.
  • Maintain a risk register that is reviewed quarterly with senior leadership to prioritize investments.

Essential (Minimum) Qualifications

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related STEM field.
• 12+ years of progressive experience in security‑focused roles, with at least 5 years in application security leadership.
• Demonstrated expertise with security assessment tools and techniques, including SAST, DAST, IAST, and software composition analysis.
• Deep understanding of web application security concepts, especially the OWASP Top 10, and experience implementing automated verification pipelines.
• Proven track record of developing and enforcing security policies, secure coding standards, and incident response procedures.
• Strong analytical and problem‑solving abilities, with a continuous‑learning mindset to stay ahead of emerging threats.
• Excellent communication and influencing skills, capable of translating complex security concepts to technical and non‑technical audiences.
• Legal authorization to work in the United States without sponsorship.
• Reliable, punctual attendance and the ability to work independently in a remote environment.

Preferred Qualifications (Nice to Have)

• Master’s degree in Cybersecurity, Information Assurance, or a related discipline.
• 15+ years of experience in security roles, with a focus on large‑scale enterprise applications.
• Industry‑recognized certifications such as:
  • Certified Ethical Hacker (CEH)
  • GIAC Security Essentials (GSEC)
  • Certified Information Security Manager (CISM)
  • CompTIA Security+
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Systems Security Certified Practitioner (SSCP)
  • CompTIA Advanced Security Practitioner (CASP+)
  • Offensive Security Certified Professional (OSCP)
• Advanced cloud security expertise, including AWS Solution Architect Professional, networking, and security specializations.
• Experience with Security Technical Implementation Guide (STIG) standards and their practical application.
• Knowledge of application security considerations for industrial control systems and aviation‑specific operational technology.

Core Skills & Competencies

• Technical Acumen: Proficiency in programming languages (Java, Python, C#), containerization (Docker, Kubernetes), and CI/CD tools (Jenkins, GitLab CI).
• Automation Mindset: Ability to design and implement automated security testing, verification, and remediation workflows.
• Leadership: Experience building and guiding multidisciplinary security teams, fostering collaboration, and driving results.
• Strategic Thinking: Capacity to align security initiatives with business objectives and articulate a clear vision to senior executives.
• Communication: Strong written and verbal skills for producing executive briefings, policy documents, and training materials.
• Regulatory Insight: Familiarity with aviation‑related compliance frameworks and the ability to translate them into actionable controls.

Career Growth & Learning Opportunities

At arenaflex, your professional development is a priority. As Director of Application Cybersecurity, you will have access to:

• Executive mentorship from the CISO and senior leadership team.
• Funding for industry certifications, conferences (e.g., RSA, Black Hat, Aviation Cybersecurity Summit), and advanced training courses.
• Opportunities to lead cross‑functional initiatives that influence the entire digital transformation roadmap.
• A clear path to higher executive roles such as Vice President of Security or Chief Information Security Officer.

Work Environment & Culture

arenaflex embraces a flexible, remote‑first culture that values work‑life balance, diversity, and inclusion. Our employees enjoy:

• Collaborative virtual workspaces equipped with the latest communication and project‑management tools.
• Employee‑run Business Resource Groups (BRGs) that celebrate cultural heritage, gender equity, LGBTQ+ advocacy, and veteran support.
• Regular virtual town halls, hackathons, and innovation challenges that encourage creative problem‑solving.
• A supportive environment where every voice is heard, and ideas are judged on merit, not seniority.

Compensation, Perks & Benefits

We offer a competitive total rewards package designed to attract and retain top talent:

• Base Salary: $157,725 – $231,330 USD, commensurate with experience, education, and skill set.
• Performance Bonus: Eligibility for annual discretionary bonuses based on individual and company performance.
• Equity Opportunities: Potential stock options or restricted stock units for long‑term wealth building.
• Health & Wellness: Comprehensive medical, dental, vision, life, accident, and disability coverage.
• Retirement Planning: 401(k) plan with company matching contributions.
• Paid Time Off: Generous vacation, holidays, and parental leave policies.
• Travel Benefits: Space‑available flight privileges for you and eligible dependents.
• Learning & Development: Access to online learning platforms, tuition reimbursement, and internal mentorship programs.
• Employee Assistance: Confidential counseling services, wellness programs, and flexible work arrangements.

How to Apply

If you are ready to lead a world‑class application security function, drive innovation, and protect the digital backbone of a global airline, we want to hear from you. Click the link below to submit your application, attach your resume, and share a cover letter that highlights how your experience aligns with the responsibilities and qualifications outlined above.

Apply Job!

Join arenaflex and Shape the Future of Aviation Security

At arenaflex, your expertise will directly influence the safety, reliability, and customer trust that define modern air travel. We are committed to building a diverse, inclusive, and forward‑thinking workforce where every employee can thrive. Take the next step in your career and become a pivotal part of our mission to connect people and unite the world—securely.