Analyst IT Vulnerability Management

About The Position

Requirements

• Bachelor's Degree in Computer Science, Information Security, Information Technology, Cybersecurity, Cloud Computing, or a related field; OR demonstrated capability to perform job responsibilities with a High School Diploma/GED and at least four (4) years of previous relevant work experience
• One (1) year of experience in vulnerability management, cloud security, security operations, infrastructure security, DevOps, application security, or a related cybersecurity role.
• Working knowledge of at least one major cloud provider; AWS/Azure preferred.
• Experience with vulnerability scanning tools such as Tenable, Qualys, Rapid7, Prisma Cloud, Wiz, Defender for Cloud, AWS Inspector, or similar.
• Understanding of cloud shared responsibility models, cloud networking, identity, compute, storage, containers, Kubernetes, and infrastructure-as-code concepts.
• Ability to analyze scan results, identify false positives, validate risk, and communicate remediation needs clearly.
• Knowledge of vulnerability risk factors such as CVSS, exploitability, internet exposure, asset criticality, data sensitivity, compensating controls, and remediation timelines.
• Familiarity with patch management, configuration remediation, change management, and remediation validation.
• Strong written and verbal communication skills with the ability to interact effectively with stakeholders across all levels of the organization.
• Ability to work collaboratively with Cybersecurity, IT, DevOps, infrastructure, product, application, compliance, and managed service provider teams.
• Available for occasional overnight travel (10%).
• Must pass a pre-employment drug test.
• Must be legally eligible to work in the country in which the position is located.
• Authorization to work in the United States is required; this position is not eligible for visa sponsorship.

Nice To Haves

• Two (2) years of experience in vulnerability management, cloud security, DevSecOps, infrastructure security, or application security.
• Experience with CSPM, CNAPP, CWPP, container scanning, code scanning, IaC scanning, or external attack surface management.
• Working knowledge with AWS Systems Manager, Azure Update Manager, cloud-native patching tools, or enterprise patch platforms.
• Understanding with Kubernetes, container registries, golden images, base-image maintenance, and CI/CD security gates.
• Experience using Terraform, CloudFormation, ARM/Bicep, Kubernetes manifests, or other infrastructure-as-code technologies.
• Knowledge of NIST CSF, CIS Controls, CIS Benchmarks, PCI DSS, TSA cybersecurity requirements, ISO 27001, or similar standards.
• Certifications such as Security+, CySA+, AWS Security Specialty, Azure Security Engineer, Google Professional Cloud Security Engineer, CCSK, CCSP, or equivalent.

Responsibilities

• Conduct and support vulnerability assessments across cloud-hosted infrastructure, cloud configurations, containers, Kubernetes, infrastructure as code, application components, and related cloud services.
• Use approved vulnerability management, cloud security, CSPM/CNAPP, container, code-scanning, and external attack-surface tools to identify vulnerabilities, misconfigurations, exposed services, outdated software, and insecure deployment patterns.
• Analyze findings using severity, exploitability, CISA KEV status, exposure, asset criticality, data sensitivity, compensating controls, and business impact.
• Coordinate with cloud engineering, DevOps, application, infrastructure, and product owners to prioritize and track remediation through patching, configuration changes, code changes, image updates, infrastructure-as-code changes, or compensating controls.
• Validate remediation through rescans, evidence review, configuration review, ticket closure checks, or other approved verification methods.
• Assist with authenticated scan coverage, agent deployment coordination, cloud account onboarding, asset tagging, ownership validation, and CMDB/application mapping.
• Support remediation governance by tracking findings against JetBlue policy timelines and escalating overdue, disputed, or blocked remediation items.
• Collaborate with engineering and QA teams to ensure proper Software Development Life Cycle (SDLC) practices and minimize the release of vulnerable software through the deployment pipeline.
• Route non-remediated or delayed findings through the approved cyber risk exception / acceptance process when required.
• Configure and maintain vulnerability metrics and reporting for cloud findings, remediation progress, risk exposure, aging, coverage gaps, recurring issues, and exception trends.
• Partner with Threat Intelligence, Detection & Response, Penetration Testing, and Application Security teams to incorporate active exploitation, external exposure, attack path, and test-result context into prioritization.
• Support Cyber compliance requirements with evidence, reporting, and control validation for PCI, SOX, TSA-related obligations, and other applicable oversight frameworks.
• Participate in cross-functional working sessions to improve cloud vulnerability remediation processes, reduce direct exposure, strengthen compensating controls, and improve cloud security visibility.
• Other duties as assigned.

Benefits

• access to healthcare benefits
• a 401(k) plan and company match
• crewmember stock purchase plan
• short-term and long-term disability coverage
• basic life insurance
• free space available travel on JetBlue