Position Title: Senior Analyst Vulnerability Management – Network
Position Summary
At JetBlue, cyber security is driven by the concepts of Risk Management and Threat-Informed Defense: the study of current threats, actors and techniques to prioritize risks and adapt defenses, controls and resources to those constantly changing dynamics. The crewmember in this role is responsible for conducting vulnerability assessments in our traditional on-premises and data center environments, analyzing results, and collaborating with cross-functional teams to ensure timely remediation. Reporting to the Manager of Vulnerability Management, the Senior Analyst will contribute to the effectiveness of our vulnerability management program and assist in safeguarding our systems and data.
Essential Responsibilities:
- Oversee the identification, analysis, and remediation/mitigation of vulnerabilities across our global hybrid infrastructure, including traditional on-premises, data center, and corporate network environments.
- Collaborate on the design and implementation of vulnerability management strategies and conduct advanced vulnerability assessments using cutting-edge automated tools, while ensuring continuous improvements in scanning processes.
- Perform in-depth analysis of vulnerability assessments, evaluating risks based on their severity, business impact, and potential risk to the organization. Coordinate remediation prioritization efforts and guide IT teams and system owners in coordinating rapid patching or deploying mitigating controls.
- Collaborate with cross-functional teams including engineering, DevOps, and Quality Assurance (QA) to establish security best practices, and support initiatives to integrate secure software development lifecycle (SSDLC) processes into the development pipeline to mitigate security risks prior to deployment.
- Develop, update, and enforce vulnerability management policies, procedures, and frameworks for all network environments, ensuring compliance with industry standards and regulatory requirements.
- Provide strategic insights through comprehensive reports, detailing metrics on vulnerability exposure, risk levels, remediation progress, and overall cybersecurity posture to senior management and stakeholders.
- Serve as the primary liaison with the threat intelligence and penetration testing teams, synthesizing information from multiple sources to continuously monitor and respond to emerging vulnerabilities, exploits, and shifts in the organization's attack surface.
- Support the coordination and planning of penetration tests, red team exercises, and vulnerability assessments, ensuring all findings are addressed through well-documented remediation processes and continuous improvement initiatives.
- Provide guidance as needed to junior vulnerability management analysts and cross-functional team members in vulnerability management practices, patching prioritization, and remediation processes, enhancing organizational cybersecurity awareness.
- Support Cyber Governance, Risk, and Compliance (GRC) teams by ensuring adherence to frameworks such as the Payment Card Industry Data Security Standard (PCI-DSS), Sarbanes-Oxley, and other relevant regulations, requirements, best practices and standards, driving audit readiness and continuous compliance improvements.
- Support special projects and initiatives that enhance the security and resilience of the organization’s network and infrastructure against emerging threats.
- Other duties as assigned.
Minimum Experience and Qualifications:
- Bachelor’s degree in Computer Science, Information Security, or a related field; OR demonstrated capability to perform job responsibilities with a combination of a High School Diploma/GED and at least four (4) years of previous relevant work experience.
- Three (3) years of progressive experience in vulnerability management, network security, or cybersecurity roles.
- Demonstrated expertise in vulnerability scanning tools such as Nessus, Qualys, Rapid7, or similar platforms, with a deep understanding of network, operating system, and application vulnerabilities.
- Proven track record of successfully managing patch management processes and tools across diverse environments, ensuring timely remediation of vulnerabilities.
- Excellent communication and presentation skills with the ability to support across teams.
- Strong collaboration skills, with the ability to support discussions and projects with IT, engineering, and development teams.
- Availability for occasional overnight travel (10%) and the ability to manage global security initiatives across multiple time zones.
- Must pass a pre-employment drug test.
- Must be legally eligible to work in the country in which the position is located.
- Authorization to work in the US is required. This position is not eligible for visa sponsorship.
Preferred Experience and Qualifications:
- Seven (7) years of progressive experience in vulnerability management, network security, or cybersecurity roles OR a High School Diploma/GED and ten (10) years of relevant work experience.
- Advanced certifications such as Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), or Certified Ethical Hacker (CEH) are highly desirable.
- Strong familiarity with industry security frameworks and standards such as the NIST Cybersecurity Framework, ISO 27001, and CIS Controls, and the ability to provide implementation support of these frameworks across enterprise environments.
- Experience in supporting a variety of team members across the organization, fostering a culture of security awareness and best practices throughout the enterprise.
Crewmember Expectations:
- Regular attendance and on-time punctuality
- Potential need to work flexible hours and be available to respond on short notice
- Able to maintain a professional appearance
- When working or traveling on JetBlue flights, and if time permits, all capable crewmembers are asked to assist with light cleaning of aircraft
- Must be an appropriate organizational fit for the JetBlue culture, that is, exhibit the JetBlue values of Safety, Caring, Integrity, Fun and Passion
- Promote JetBlue’s #1 value of safety as a Safety Ambassador, supporting JetBlue’s Safety Management System (SMS) components, Safety Policy and behavioral standards
- Identify safety and/or security concerns, issues, incidents or hazards that should be reported and report them whenever possible and by any means necessary including JetBlue’s confidential reporting systems (Aviation Safety Action Program (ASAP) or Safety Action Report (SAR))
- The use of ChatGPT or any other automated tool during the interview process will disqualify a candidate from being considered for the position.
Equipment:
- Computer and other office equipment
Work Environment:
- Traditional office environment
Physical Effort:
- Generally not required, or up to 10 pounds occasionally, 0 pounds frequently. (Sedentary)
Compensation:
- The base pay range for this position is between $90,500.00 and $128,600.00 per year. Base pay is one component of JetBlue’s total compensation package, which may also include access to healthcare benefits, a 401(k) plan and company match, crewmember stock purchase plan, short-term and long-term disability coverage, basic life insurance, free space available travel on JetBlue, and more.