Director of Application Cybersecurity – Remote Leadership Role at arenaflex (USA) – Secure Software Development, Verification & Automation

About arenaflex

arenaflex is on an ambitious journey to become the most innovative and customer‑centric airline in the history of aviation. With a global footprint that spans hundreds of locations, millions of passengers, and tens of thousands of dedicated employees, arenaflex is more than a carrier—it is a catalyst for connection, cultural exchange, and economic opportunity. Our purpose, “Connecting People, Uniting the World,” drives every decision we make, from the way we design our aircraft to the way we nurture our talent.

In today’s rapidly evolving digital landscape, security is the backbone of every successful operation. arenaflex’s Digital Technology division is a worldwide network of engineers, data scientists, and security specialists who collaborate to build resilient, scalable, and future‑ready technology platforms. As part of this ecosystem, the Director of Application Cybersecurity will shape the security posture of our critical applications, ensuring that the digital experiences we deliver to passengers, partners, and internal teams are safe, reliable, and compliant.

If you thrive on leading high‑performing teams, crafting forward‑thinking security strategies, and influencing enterprise‑wide change, arenaflex offers a unique stage to showcase your expertise while enjoying the flexibility of a remote‑first work model.

Key Responsibilities

The Director of Application Cybersecurity will be accountable for the end‑to‑end security lifecycle of arenaflex’s software applications. This role blends strategic vision with hands‑on execution, partnering across architecture, development, operations, and risk management to embed security into every line of code.

Team Leadership & Development

• Recruit, mentor, and retain a world‑class team of application security engineers, analysts, and automation specialists.
• Foster a culture of continuous learning, encouraging certifications, knowledge‑sharing sessions, and cross‑functional collaboration.
• Set clear performance objectives, conduct regular coaching, and provide growth pathways aligned with arenaflex’s career development framework.

Strategic Planning & Policy Governance

• Design and execute a comprehensive application security strategy that aligns with arenaflex’s overall cybersecurity roadmap and business objectives.
• Develop, maintain, and enforce security policies, standards, and procedures that incorporate secure coding practices, verification, and automation.
• Ensure policies reflect current regulatory requirements (e.g., PCI‑DSS, GDPR, CCPA) and industry best practices such as NIST and ISO 27001.

Application Security Assessment & Automation

• Lead regular security assessments, including static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), and software composition analysis (SCA).
• Implement automated security testing pipelines within CI/CD workflows to achieve “shift‑left” security and reduce time‑to‑remediate.
• Collaborate with development teams to triage findings, prioritize remediation, and verify fixes before production release.

Security Architecture Review & Guidance

• Partner with the IT architecture team to evaluate and harden the security architecture of new and existing applications.
• Recommend security controls, encryption mechanisms, authentication frameworks, and micro‑service hardening techniques.
• Provide architectural guidance on emerging technologies such as cloud‑native services, serverless computing, and container orchestration.

Training, Awareness, and Advocacy

• Develop and deliver targeted training programs that raise awareness of application security threats, secure development lifecycles, and verification automation.
• Act as a security champion across the organization, influencing product owners, engineers, and business stakeholders to adopt security‑first mindsets.
• Maintain a repository of security best‑practice documentation, cheat sheets, and toolkits for easy reference.

Incident Response & Risk Management

• Support the incident response team by providing expertise on application‑related breaches, conducting root‑cause analysis, and recommending corrective actions.
• Perform risk assessments for new application initiatives, quantifying potential impact and recommending mitigation strategies.
• Track and report key security metrics, trends, and compliance status to senior leadership and the board of directors.

Essential Qualifications (Minimum Requirements)

• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related STEM field.
• At least 12 years of progressive experience in security‑focused roles, with a minimum of 5 years leading application security programs.
• Demonstrated expertise with security assessment tools and techniques, including SAST, DAST, IAST, and SCA.
• Deep understanding of web application security concepts, especially the OWASP Top 10, and experience applying verification and automation tools.
• Proven track record of developing and implementing security policies, procedures, and standards that integrate verification and automation principles.
• Strong knowledge of regulatory frameworks and compliance requirements relevant to application security (e.g., PCI‑DSS, GDPR, CCPA).
• Exceptional leadership, communication, and stakeholder‑management skills, with the ability to influence cross‑functional teams.
• Analytical mindset with excellent problem‑solving abilities and a passion for staying ahead of emerging threats.
• Legal authorization to work in the United States without sponsorship.
• Commitment to reliable, punctual attendance and successful completion of the interview process.

Preferred Qualifications (Nice‑to‑Have)

• Master’s degree in a relevant discipline.
• 15+ years of experience in security‑focused roles, particularly in large, complex enterprises.
• Industry‑recognized certifications such as CEH, GSEC, CISM, CISSP, CISA, SSCP, CASP, OSCP, or equivalent.
• Advanced cloud security credentials (e.g., AWS Solutions Architect – Professional, Azure Security Engineer, Google Cloud Professional Security Engineer).
• Experience with Security Technical Implementation Guide (STIG) standards and their practical application.
• Knowledge of application security considerations for industrial control systems and OT environments.
• Hands‑on experience with security automation platforms (e.g., HashiCorp Sentinel, Ansible, Terraform) and orchestration tools.
• Demonstrated ability to lead large‑scale security transformation initiatives that deliver measurable risk reduction.

Core Skills & Competencies

• Technical Acumen: Mastery of secure software development lifecycle (SDLC), threat modeling, and vulnerability management.
• Automation Expertise: Ability to design and implement automated security testing pipelines that integrate with DevOps tools such as Jenkins, GitLab CI, Azure DevOps, and GitHub Actions.
• Strategic Vision: Capacity to translate business objectives into actionable security strategies that balance risk and innovation.
• Collaboration: Proven ability to work effectively with architects, developers, product managers, and executive leadership.
• Communication: Clear, concise, and persuasive communication style for both technical and non‑technical audiences.
• Continuous Learning: Commitment to professional development and staying current with evolving cyber threats, tools, and regulatory changes.

Career Growth & Learning Opportunities

arenaflex invests heavily in the professional development of its leaders. As Director of Application Cybersecurity, you will have access to:

• Executive mentorship programs that connect you with senior leaders across the organization.
• Fully funded certifications, conferences, and advanced training courses.
• Opportunities to lead cross‑functional security initiatives that influence global business strategy.
• Rotational assignments that broaden exposure to cloud, data analytics, and emerging technology domains.
• A vibrant internal community of security practitioners, including Business Resource Groups focused on diversity, inclusion, and innovation.

Work Environment & Culture at arenaflex

arenaflex embraces a remote‑first culture while fostering a sense of belonging and collaboration. Our employees enjoy:

• Flexible work schedules that empower you to balance personal commitments with professional responsibilities.
• A supportive, inclusive environment where diverse perspectives are celebrated and ideas are encouraged.
• Regular virtual town halls, team‑building events, and global meet‑ups that keep remote employees connected.
• State‑of‑the‑art collaboration tools, secure VPN access, and a robust home‑office stipend.
• A commitment to sustainability and corporate responsibility, aligning your work with a purpose‑driven mission.

Compensation, Perks & Benefits

arenaflex offers a competitive total rewards package designed to attract and retain top talent. While exact figures may vary based on experience, education, and market factors, the package typically includes:

• Base salary ranging from $157,725 to $231,330 per year.
• Eligibility for performance‑based bonuses and long‑term incentive plans.
• Comprehensive medical, dental, vision, life, accident, and disability insurance.
• Generous paid time off, holidays, and parental leave programs.
• 401(k) retirement plan with company matching contributions.
• Employee assistance programs, wellness resources, and mental‑health support.
• Travel privileges, including space‑available flight benefits for you and eligible family members.
• Professional development budget, certification reimbursement, and tuition assistance.
• Home‑office equipment allowance and technology stipend to ensure a productive remote workspace.

Application Process & Next Steps

arenaflex is committed to building a diverse and inclusive workforce. We encourage candidates of all backgrounds to apply, even if you do not meet every listed qualification. Your unique experiences and perspectives are valuable to our mission.

To be considered for this exciting leadership role, please submit your resume and a concise cover letter outlining your relevant experience, leadership philosophy, and why you are passionate about securing arenaflex’s applications.

We will review applications on a rolling basis and contact qualified candidates for an initial virtual interview. Successful candidates will progress through a series of technical and behavioral assessments, culminating in a final interview with senior leadership.

Join arenaflex and Shape the Future of Aviation Security

If you are ready to lead a high‑impact security function, drive innovation, and protect the digital experiences of millions of travelers worldwide, arenaflex wants to hear from you. Apply today and become a pivotal part of a forward‑thinking organization that values your expertise, fosters your growth, and rewards your contributions.

Apply Now – Start Your Journey with arenaflex!