Analyst IT Vulnerability Management

JetBlue Airways Corporation, New York, DC
1d | $60,000 - $112,000

About The Position

At JetBlue, cyber security is driven by the concepts of Risk Management and Threat-Informed Defense, the study of current threats, actors and techniques to prioritize risks and adapt defenses, controls and resources to those constantly-changing dynamics. The Crew Member in this role is responsible for conducting vulnerability assessments in our traditional on-premises and data center environments, analyzing results, and collaborating with cross-functional teams to ensure timely remediation. Reporting to the Manager of Vulnerability Management, the Analyst will contribute to the effectiveness of our vulnerability management program and assist in safeguarding our systems and data.

Requirements

  • Bachelor's Degree in Computer Science, Information Security, or a related field; OR demonstrated capability to perform job responsibilities with a High School Diploma/GED and at least four (4) years of previous relevant work experience
  • One (1) year of experience in vulnerability management, information security, or related roles
  • Proficiency with vulnerability scanning tools such as Nessus, Qualys, Rapid7, or similar.
  • Basic understanding of risk assessment methodologies and ability to evaluate vulnerabilities' potential impact to the business.
  • Familiarity with patch management tools and processes for deploying security updates.
  • Technical understanding of network and system architecture, operating systems, and common vulnerabilities.
  • Excellent written and verbal communication skills.
  • Ability to work collaboratively across teams, including IT, development, and compliance.
  • Detail-oriented approach to analyzing scan results and identifying false positives.
  • Available for occasional overnight travel (10%)
  • Must pass pre-employment drug test
  • Must be legally eligible to work in the country in which the position is located
  • Authorization to work in the US is required; this position is not eligible for visa sponsorship

Nice To Haves

  • Past experience specifically in programs beyond OS and infrastructure-level vulnerabilities, e.g., application, container and cloud (GCP, Azure) vulnerability management.
  • Familiarity with security frameworks and standards such as NIST Cybersecurity Framework, ISO 27001, or CIS Controls is a plus.
  • Entry-level certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP) Associate, or equivalent are advantageous.

Responsibilities

  • Assist the IT and Cyber teams with identification and remediation of vulnerabilities across our traditional on-premises, data center and corporate network environments.
  • Conduct regular vulnerability assessments using automated scanning tools to identify security weaknesses, out-of-date versions and vulnerable systems across our corporate, data-center and multi-cloud environments.
  • Analyze scan results and assess vulnerabilities with regard to severity, impact, and potential risk to the organization and collaborate with system owners and IT teams to prioritize and coordinate remediation via patching and/or mitigating controls.
  • Collaborate with engineering and QA teams to ensure proper SSDLC practices and minimize the release of any vulnerable software through our deployment pipeline.
  • Assist in developing and updating vulnerability management policies and procedures, and in implementing those processes across our hybrid network environment.
  • Generate accurate and concise vulnerability assessment reports, including metrics on risk, vulnerability exposure and remediation progress.
  • Coordinate directly with the threat intelligence and pen-test teams regarding emerging vulnerabilities, active exploits, changes in our attack surface and other factors that influence prioritization and risk.
  • Assist in planning and reviewing penetration and red-team test results to identify and address vulnerabilities that may not be identified through automated scanning.
  • Participate in cross-functional meetings to maintain strong communication with IT, networking, systems owners and MSPs and collaborate with other contributors to ensure timely remediation or mitigation of security risks.
  • Support our Cyber GRC team to ensure successful compliance with Payment Card (PCI), Sarbanes-Oxley and other required oversight frameworks
  • Other duties as assigned

Benefits

  • access to healthcare benefits
  • a 401(k) plan and company match
  • crewmember stock purchase plan
  • short-term and long-term disability coverage
  • basic life insurance
  • free space available travel on JetBlue