Title:  Analyst IT Vulnerability Management

Position Summary:

At JetBlue, cyber security is driven by the concepts of Risk Management and Threat-Informed Defense, the study of current threats, actors and techniques to prioritize risks and adapt defenses, controls and resources to those constantly-changing dynamics. The Crew Member in this role is responsible for conducting vulnerability assessments in our traditional on-premises and data center environments, analyzing results, and collaborating with cross-functional teams to ensure timely remediation. Reporting to the Manager of Vulnerability Management, the Analyst will contribute to the effectiveness of our vulnerability management program and assist in safeguarding our systems and data.

Essential Responsibilities:

• Assist the IT and Cyber teams with identification and remediation of vulnerabilities across our traditional on-premises, data center and corporate network environments.
• Conduct regular vulnerability assessments using automated scanning tools to identify security weaknesses, out-of-date versions and vulnerable systems across our corporate, data-center and multi-cloud environments.
• Analyze scan results and assess vulnerabilities with regard to severity, impact, and potential risk to the organization and collaborate with system owners and IT teams to prioritize and coordinate remediation via patching and/or mitigating controls.
• Collaborate with engineering and QA teams to ensure proper SSDLC practices and minimize the release of any vulnerable software through our deployment pipeline.
• Assist in developing and updating vulnerability management policies and procedures, and in implementing those processes across our hybrid network environment.
• Generate accurate and concise vulnerability assessment reports, including metrics on risk, vulnerability exposure and remediation progress.
• Coordinate directly with the threat intelligence and pen-test teams regarding emerging vulnerabilities, active exploits, changes in our attack surface and other factors that influence prioritization and risk.
• Assist in planning and reviewing penetration and red-team test results to identify and address vulnerabilities that may not be identified through automated scanning.
• Participate in cross-functional meetings to maintain strong communication with IT, networking, systems owners and MSPs and collaborate with other contributors to ensure timely remediation or mitigation of security risks.
• Support our Cyber GRC team to ensure successful compliance with Payment Card (PCI), Sarbanes-Oxley and other required oversight frameworks
• Other duties as assigned

Minimum Experience and Qualifications:

• Bachelor's Degree in Computer Science, Information Security, or a related field; OR demonstrated capability to perform job responsibilities with a High School Diploma/GED and at least four (4) years of previous relevant work experience
• One (1) year of experience in vulnerability management, information security, or related roles
• Proficiency with vulnerability scanning tools such as Nessus, Qualys, Rapid7, or similar.
• Basic understanding of risk assessment methodologies and ability to evaluate vulnerabilities' potential impact to the business.
• Familiarity with patch management tools and processes for deploying security updates.
• Technical understanding of network and system architecture, operating systems, and common vulnerabilities.
• Excellent written and verbal communication skills.
• Ability to work collaboratively across teams, including IT, development, and compliance.
• Detail-oriented approach to analyzing scan results and identifying false positives.
• Available for occasional overnight travel (10%)
• Must pass pre-employment drug test
• Must be legally eligible to work in the country in which the position is located
• Authorization to work in the US is required, this position is not eligible for visa sponsorship 

Preferred Experience and Qualifications:

• Past experience specifically in Programs beyond/outside of OS and infrastructure level vulnerabilities, e.g. application, container and cloud (GCP, Azure) vulnerability management.
• Familiarity with security frameworks and standards such as NIST Cybersecurity Framework, ISO 27001, or CIS Controls is a plus.
• Entry-level certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP) Associate, or equivalent are advantageous.

Crewmember Expectations:

• Regular attendance and on time punctuality
• Potential need to work flexible hours and be available to respond on short-notice
• Able to maintain a professional appearance
• When working or traveling on JetBlue flights, and if time permits, all capable crewmembers are asked to assist with light cleaning of aircraft
• Organizational fit for the JetBlue culture, that is, exhibit the JetBlue values of Safety, Caring, Integrity, Fun and Passion
• Promote JetBlue’s #1 value of safety as a Safety Ambassador, supporting JetBlue’s Safety Management System (SMS) components, Safety Policy and behavioral standards
• The use of ChatGPT or any other automated tool during the interview process will disqualify a candidate from being considered for the position.

Equipment:

• Computer and other office equipment

Work Environment:

• Traditional office environment

Physical Effort: 

• Generally not required, or up to 10 pounds occasionally, 0 pounds frequently (Sedentary)

Compensation:

• The base pay range for this position is between $60,000.00 and $112,000.00 per year. Base pay is one component of JetBlue’s total compensation package, which may also include access to healthcare benefits, a 401(k) plan and company match, crewmember stock purchase plan, short-term and long-term disability coverage, basic life insurance, free space available travel on JetBlue, and more.

#LI-AC1

#LI-Hybrid