Position Title: Analyst Vulnerability Management - Network (OSC, SSC, DCO)
Position Summary
At JetBlue, cyber security is driven by the concepts of Risk Management and Threat-Informed Defense, the study of current threats, actors and techniques to prioritize risks and adapt defenses, controls and resources to those constantly-changing dynamics. The Crewmember in this role is responsible for conducting vulnerability assessments in our traditional on-premises and data center environments, analyzing results, and collaborating with cross-functional teams to ensure timely remediation. Reporting to the Manager of Vulnerability Management, the Analyst will contribute to the effectiveness of our vulnerability management program and assist in safeguarding our systems and data.
Essential Responsibilities
- Assist the IT and Cyber teams with identification and remediation of vulnerabilities across our traditional on-premises, data center and corporate network environments.
- Conduct regular vulnerability assessments using automated scanning tools to identify security weaknesses, out-of-date versions and vulnerable systems across our corporate, data-center and multi-cloud environments.
- Analyze scan results and assess vulnerabilities with regard to severity, impact, and potential risk to the organization and collaborate with system owners and IT teams to prioritize and coordinate remediation via patching and/or mitigating controls.
- Collaborate with engineering and Quality Assurance (QA) teams to ensure proper Secure Software Development Life Cycle (SSDLC) practices and minimize the release of any vulnerable software through our deployment pipeline.
- Assist in developing and updating vulnerability management policies and procedures, and in implementing those processes across our hybrid network environment.
- Generate accurate and concise vulnerability assessment reports, including metrics on risk, vulnerability exposure and remediation progress.
- Coordinate directly with the threat intelligence and pen-test teams regarding emerging vulnerabilities, active exploits, changes in our attack surface and other factors that influence prioritization and risk.
- Assist in planning and reviewing penetration and red-team test results to identify and address vulnerabilities that may not be identified through automated scanning.
- Participate in cross-functional meetings to maintain strong communication with IT, networking, systems owners and Managed Service Providers (MSPs) and collaborate with other contributors to ensure timely remediation or mitigation of security risks.
- Support our Cyber GRC team to ensure successful compliance with Payment Card (PCI), Sarbanes-Oxley and other required oversight frameworks.
- Other duties as assigned.