Title: Associate Engineer Security
Long Island City, NY, US, 11101
Position Title: Associate Security Engineer
Position Summary
At JetBlue, cyber security is driven by Threat-Informed Defense, which studies current threats, actors, and TTPs to identify the most likely risks and adapt defenses, controls, and intelligence collection to those constantly changing dynamics. In addition, the Associate Security Engineer will manage the creation, testing, and refinement of threat detection-and-alerting programs across JetBlue’s entire cyber security toolset in alignment with up-to-the-minute intel and contribute directly to ongoing daily threat-hunting activities. Essential duties include the configuration, testing, refinement, and maintenance of detection schemes, alerting and escalation processes, and security automation and orchestration for rapid incident detection and response.
The Associate Security Engineer works directly and in continuous concert with other teams: Threat Intelligence (to understand the up-to-the-minute threat landscape to craft event detections and behavioral heuristics), the SOC and IR teams (to test and refine the quality and fidelity of monitoring and detections), and the Attack Simulation, Pen Test, and Red Team members of the team to design, test and measure security control and human performance. As such, interpersonal and communication skills, relationship-building, and organizational effectiveness will be as important as technical acumen for the successful candidate.
Essential Responsibilities
· Perform direct and free-form log and raw data analysis to identify trends and anomalies indicative of malicious activities.
· Coordinate daily with the threat intelligence team to understand, model, simulate, and detect known attack chains and novel TTPs
· Analyze telemetry data to identify signals indicative of sophisticated fraud or threat actors, and refine and institutionalize novel event- and behavior-driven detections for those patterns
· Develop hypotheses and novel approaches for, and periodically lead, daily Threat Hunting exercises
· Mentor and cross-train Cyber team members from other disciplines in the art and science of Threat Hunting in the JetBlue environment
· Track and report progress and effectiveness of novel detections and hypotheses using metrics that communicate impact and value, i.e. help answer the perennial question “how do you measure security and whether it is working?”
· Identify stakeholder needs and drive projects to improve the dissemination of actionable intelligence through automation or education
· Take large, complex projects and break them down into manageable pieces, develop functional specifications, then deliver them in a successful and timely manner.
· Perform deep-dive analysis of network, device, and user behavior to identify control gaps, logging gaps, and suspicious activity, and create plans to mitigate and drive incremental security improvements to closure
· Other duties as assigned
Minimum Experience and Qualifications
· Bachelor's Degree in computer science, engineering, data analysis, intelligence OR demonstrated capability to perform job responsibilities with a High School Diploma/GED and at least four (4) years of previous relevant experience
· One (1) year of experience programming in one or more languages including C/C++, Java, Python, Ruby, Go etc.
· Strong capabilities in SQL, BigQuery and/or other database query language(s)
· Demonstrable understanding of computer networking, DNS, and the basics of network architecture
· Academic or professional experience with Red/Blue/Purple team exercises, CTF competitions or similar practical, hands-on experience attacking or defending a live network
· Demonstrable ability to attack complex problems in a structured way and assess outcomes with quantitative rigor
· Experience with JIRA or similar Agile-style process-management tools to manage daily activity and short-term objectives
· Available for occasional overnight travel (20%)
· Must pass a ten (10) year background check and pre-employment drug test
· Legally eligible to work in the country in which the position is located
· Authorization to work in the US is required. This position is not eligible for visa sponsorship
Preferred Experience and Qualifications
· Knowledge of Yara/Yara-L computer languages
· Demonstrable ability to work effectively across security functions and integrate Security/Tool engineering with Hunting, Intel, Application Security, Operations, Incident Response etc.
· Hands-on experience configuring and managing Network Traffic Analysis tools such as Vectra, Darktrace, Extrahop or similar
· Hands-on experience configuring and managing detections and creating rules in a SIEM platform
· Experience investigating suspicious activity and threat-hunting via SIEM, NDR, EDR, Mail Security and other common elements of a Security tech stack
· Familiarity or experience with the air transport industry, global reservation systems, and the air travel market and distribution channels
· Demonstrable capacity for the quantitative and visual presentation of complex information
· Ability to work on multiple projects simultaneously
· Ability to develop relationships across departments and navigate highly complex enterprise/business partner relationships
· Able to articulate technical processes, both oral and written, to different audiences and varying levels of technical knowledge
Crewmember Expectations:
· Regular attendance and punctuality
· Potential need to work flexible hours and be available to respond on short notice
· Able to maintain a professional appearance
· When working or traveling on JetBlue flights, and if time permits, all capable crewmembers are asked to assist with light cleaning of aircraft
· Organizational fit for the JetBlue culture, that is, exhibit the JetBlue values of Safety, Caring, Integrity, Fun and Passion
· Promote JetBlue’s #1 value of safety as a Safety Ambassador, supporting JetBlue’s Safety Management System (SMS) components, Safety Policy and behavioral standards
· Identify safety concerns, issues, incidents or hazards that should be reported and report them whenever possible and by any means necessary, including JetBlue’s confidential reporting systems (Aviation Safety Action Program (ASAP) or Safety Action Report (SAR))
Equipment:
· Computer and other office equipment
Work Environment:
· Normal office environment
Physical Effort:
· Generally not required, or up to 10 pounds occasionally, 0 pounds frequently. (Sedentary)