Director of Application Cybersecurity – Remote Leadership Role in Secure Software Development, Verification & Automation (USA)

About arenaflex – Pioneering the Future of Aviation

arenaflex is on an unprecedented journey to become the most admired airline in the history of aviation. With a global footprint that spans hundreds of destinations, millions of passengers, and a workforce of tens of thousands, arenaflex blends the excitement of travel with a deep commitment to social responsibility. Our purpose—Connecting People, Uniting the World—goes far beyond moving passengers from point A to point B. It means creating opportunities in every community we touch, championing diversity, and fostering an inclusive environment where every voice matters. As we accelerate our growth, we are looking for visionary leaders who can safeguard our digital assets while driving innovation across the airline’s technology ecosystem.

Role Overview – Director of Application Cybersecurity (Remote)

arenaflex’s Digital Technology division is a worldwide network of engineers, data scientists, and security specialists who build the platforms that keep our airline soaring. The Director of Application Cybersecurity will lead a high‑performing team of application security professionals, shaping the strategy, policies, and processes that protect arenaflex’s mission‑critical software. This is a fully remote position based in the United States, with occasional travel (approximately 10 % of the time) to collaborate with cross‑functional teams, attend strategic meetings, and support on‑site initiatives.

Key Responsibilities

Strategic Leadership & Team Development

• Build, mentor, and inspire a multidisciplinary team of application security engineers, analysts, and consultants.
• Define clear career pathways, performance metrics, and professional development programs to retain top talent.
• Partner with Human Resources and Diversity & Inclusion leaders to ensure the team reflects arenaflex’s inclusive culture.

Cybersecurity Strategy & Policy

• Design and execute a comprehensive application security strategy that aligns with arenaflex’s overall risk management framework.
• Integrate verification and automation principles into every phase of the software development lifecycle (SDLC).
• Develop, publish, and enforce robust security policies, secure coding standards, and incident‑response procedures.

Application Security Assessment & Architecture Review

• Lead regular security assessments, including static (SAST) and dynamic (DAST) testing, to uncover vulnerabilities in web, mobile, and cloud‑native applications.
• Collaborate with the IT Architecture team to evaluate and harden application security architectures, recommending controls such as Web Application Firewalls (WAF), runtime application self‑protection (RASP), and zero‑trust networking.
• Maintain an up‑to‑date threat model repository that reflects emerging attack vectors and business priorities.

Risk Management & Compliance

• Identify, assess, and prioritize application‑related risks, delivering actionable mitigation plans to senior leadership.
• Ensure continuous compliance with industry regulations (e.g., PCI‑DSS, GDPR, CCPA) and aviation‑specific standards.
• Prepare and present audit evidence for internal and external reviewers, demonstrating arenaflex’s commitment to security excellence.

Security Awareness & Incident Response

• Develop engaging training curricula that educate developers, product owners, and business stakeholders on secure coding, verification tools, and automation best practices.
• Act as a senior advisor during application‑related security incidents, guiding root‑cause analysis, containment, and remediation.
• Continuously refine incident‑response playbooks based on lessons learned and evolving threat landscapes.

Minimum Qualifications (Required)

• Education: Bachelor’s degree in Computer Science, Information Security, Engineering, or a related STEM field.
• Experience: Minimum 12 years of progressive experience in security‑focused roles, with at least 5 years in application security leadership.
• Technical Expertise: Proficiency with SAST, DAST, software composition analysis (SCA), and automated verification tools.
• Knowledge Base: Deep understanding of OWASP Top 10, secure software development lifecycle (SSDLC), and modern cloud security architectures.
• Leadership & Communication: Demonstrated ability to lead cross‑functional teams, influence senior stakeholders, and convey complex security concepts in clear, business‑focused language.
• Regulatory Acumen: Familiarity with compliance frameworks such as PCI‑DSS, GDPR, and aviation‑industry regulations.
• Problem‑Solving: Strong analytical skills with a track record of designing innovative security solutions to mitigate emerging threats.
• Legal Eligibility: Must be legally authorized to work in the United States without employer sponsorship.
• Reliability: Consistent attendance and punctuality are essential to the role’s success.

Preferred Qualifications (Nice‑to‑Have)

• Master’s degree in Cybersecurity, Information Assurance, or a related discipline.
• 15 + years of experience in application security, preferably within large, regulated enterprises.
• Professional certifications such as CISSP, CISM, CISA, CEH, GSEC, SSCP, CASP+, or OSCP.
• Cloud security credentials (e.g., AWS Certified Solutions Architect – Professional, Azure Security Engineer Associate).
• Experience with Security Technical Implementation Guide (STIG) standards and industrial control system (ICS) security.
• Demonstrated success in integrating security automation into CI/CD pipelines using tools like Jenkins, GitLab CI, or Azure DevOps.
• Publications, speaking engagements, or open‑source contributions that showcase thought leadership in application security.

Core Skills & Competencies

• Strategic Vision: Ability to translate business objectives into actionable security roadmaps.
• Collaboration: Skilled at partnering with developers, product managers, and executive leadership to embed security without slowing innovation.
• Automation Mindset: Passion for leveraging scripting, APIs, and orchestration platforms to scale verification processes.
• Continuous Learning: Commitment to staying ahead of threat trends, emerging technologies, and regulatory changes.
• Influence & Advocacy: Proven track record of championing security initiatives and gaining buy‑in across diverse stakeholder groups.

Career Growth & Learning Opportunities

arenaflex invests heavily in the professional development of its leaders. As Director of Application Cybersecurity, you will have access to:

• Executive mentorship programs that connect you with senior leaders across the airline’s global operations.
• Funding for industry conferences, certifications, and advanced training courses.
• Opportunities to lead cross‑functional transformation projects that shape the future of digital aviation.
• A clear pathway to senior executive roles such as Vice President of Information Security or Chief Information Security Officer (CISO).

Compensation, Perks & Benefits

arenaflex offers a competitive total‑reward package designed to attract and retain top talent:

• Base Salary: $157,725 – $231,330 USD, commensurate with experience, education, and skill set.
• Performance Bonus: Eligibility for annual discretionary bonuses based on individual and company performance.
• Equity & Retirement: 401(k) plan with company matching contributions and potential equity participation.
• Health & Wellness: Comprehensive medical, dental, vision, life, disability, and mental‑health benefits.
• Family Support: Generous parental leave, flexible paid time off, and employee assistance programs.
• Travel Privileges: Space‑available airline travel for you and eligible dependents, plus discounts on partner airlines.
• Learning Resources: Access to online learning platforms, internal tech labs, and a vibrant community of Business Resource Groups.

Work Environment & Culture at arenaflex

Our remote‑first philosophy empowers you to work from anywhere in the United States while staying deeply connected to arenaflex’s mission. You will join a collaborative, high‑energy team that values:

• Diversity & Inclusion: A workplace where varied perspectives drive better security outcomes.
• Innovation: Freedom to experiment with cutting‑edge tools, from AI‑driven threat detection to automated compliance pipelines.
• Transparency: Open communication channels with senior leadership, regular town‑halls, and clear visibility into business priorities.
• Work‑Life Balance: Flexible scheduling, generous PTO, and a culture that respects personal time.

Application Process

Ready to protect the digital heart of a world‑class airline? Follow these steps to apply:

1. Submit your updated resume and a concise cover letter highlighting your leadership achievements in application security.
2. Complete the online assessment that evaluates your technical depth and strategic thinking.
3. Participate in a series of virtual interviews with the hiring manager, senior security architects, and a member of arenaflex’s Diversity & Inclusion council.
4. Receive a formal offer, including a detailed breakdown of compensation, benefits, and onboarding timeline.

Join arenaflex – Shape the Future of Secure Aviation

If you are a forward‑thinking security leader who thrives in a fast‑paced, globally connected environment, arenaflex wants to hear from you. Bring your expertise, your passion for automation, and your commitment to inclusive excellence, and help us build the safest, most resilient airline in the world.

Apply Now – Launch Your Career with arenaflex!