Position Title: Analyst Vulnerability Management - Network

Position Summary

At JetBlue, cyber security is driven by the concepts of Risk Management and Threat-Informed Defense, the study of current threats, actors and techniques to prioritize risks and adapt defenses, controls and resources to those constantly-changing dynamics. The Crewmember in this role is responsible for conducting vulnerability assessments in our traditional on-premises and data center environments, analyzing results, and collaborating with cross-functional teams to ensure timely remediation. Reporting to the Manager of Vulnerability Management, the Analyst will contribute to the effectiveness of our vulnerability management program and assist in safeguarding our systems and data.

Essential Responsibilities

• Assist the IT and Cyber teams with identification and remediation of vulnerabilities across our traditional on-premises, data center and corporate network environments.
• Conduct regular vulnerability assessments using automated scanning tools to identify security weaknesses, out-of-date versions and vulnerable systems across our corporate, data-center and multi-cloud environments.
• Analyze scan results and assess vulnerabilities with regard to severity, impact, and potential risk to the organization and collaborate with system owners and IT teams to prioritize and coordinate remediation via patching and/or mitigating controls.
• Collaborate with engineering and Quality Assurance (QA) teams to ensure proper Secure Software Development Life Cycle (SSDLC) practices and minimize the release of any vulnerable software through our deployment pipeline.
• Assist in developing and updating vulnerability management policies and procedures, and in implementing those processes across our hybrid network environment.
• Generate accurate and concise vulnerability assessment reports, including metrics on risk, vulnerability exposure and remediation progress.
• Coordinate directly with the threat intelligence and pen-test teams regarding emerging vulnerabilities, active exploits, changes in our attack surface and other factors that influence prioritization and risk.
• Assist in planning and reviewing penetration and red-team test results to identify and address vulnerabilities that may not be identified through automated scanning.
• Participate in cross-functional meetings to maintain strong communication with IT, networking, systems owners and Managed Service Providers (MSPs) and collaborate with other contributors to ensure timely remediation or mitigation of security risks.
• Support our Cyber GRC team to ensure successful compliance with Payment Card (PCI), Sarbanes-Oxley and other required oversight frameworks.
• Other duties as assigned.

Minimum Experience and Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field; OR demonstrated capability to perform job responsibilities with a combination of a High School Diploma/GED and at least four (4) years of previous related work experience
• At least one (1) year of experience in vulnerability management, information security, or related roles
• Proficiency with vulnerability scanning tools such as Nessus, Qualys, Rapid7, or similar
• Basic understanding of risk assessment methodologies and ability to evaluate vulnerabilities' potential impact to the business
• Familiarity with patch management tools and processes for deploying security updates
• Technical understanding of network and system architecture, operating systems, and common vulnerabilities
• Excellent written and verbal communication skills
• Ability to work collaboratively across teams, including IT, development, and compliance
• Detail-oriented approach to analyzing scan results and identifying false positives
• Available for occasional overnight travel (10%)
• Must pass a ten (10) year background check and pre-employment drug test
• Must be legally eligible to work in the country in which the position is located
• Authorization to work in the US is required. This position is not eligible for visa sponsorship

Preferred Experience and Qualifications

• At least two (2) years of experience in vulnerability management, information security, or related roles
• Past experience specifically in Programs beyond/outside of Operating System (OS) and infrastructure level vulnerabilities, e.g. application, container and cloud (GCP, Azure) vulnerability management
• Familiarity with security frameworks and standards such as National Institute of Standards and Technology (NIST) Cybersecurity Framework, ISO 27001, or CIS Controls is a plus
• Entry-level certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP) Associate, or equivalent are advantageous

Crewmember Expectations:

• Regular attendance and punctuality
• Potential need to work flexible hours and be available to respond on short-notice
• Able to maintain a professional appearance
• When working or traveling on JetBlue flights, and if time permits, all capable crewmembers are asked to assist with light cleaning of aircraft
• Organizational fit for the JetBlue culture, that is, exhibit the JetBlue values of Safety, Caring, Integrity, Fun and Passion
• Promote JetBlue’s #1 value of safety as a Safety Ambassador, supporting JetBlue’s Safety Management System (SMS) components, Safety Policy and behavioral standards
• Identify safety and/or security concerns, issues, incidents or hazards that should be reported and report them whenever possible and by any means necessary including JetBlue’s confidential reporting systems (Aviation Safety Action Program (ASAP) or Safety Action Report (SAR))

Equipment:

• Computer and other office equipment

Work Environment:

• Traditional office environment

Physical Effort: 

• Generally not required, or up to 10 pounds occasionally, 0 pounds frequently. (Sedentary)

#LI-LL1 #LI-Hybrid