Analyst IT Vulnerability Management
2 months ago
Analyst IT Vulnerability Management
JetBlue Airways Corporation - Washington, DC
Position Title: Analyst Vulnerability Management - Network
Position Summary
At JetBlue, cyber security is driven by the concepts of Risk Management and Threat-Informed Defense, the study of current threats, actors and techniques to prioritize risks and adapt defenses, controls and resources to those constantly-changing dynamics. The Crewmember in this role is responsible for conducting vulnerability assessments in our traditional on-premises and data center environments, analyzing results, and collaborating with cross-functional teams to ensure timely remediation. Reporting to the Manager of Vulnerability Management, the Analyst will contribute to the effectiveness of our vulnerability management program and assist in safeguarding our systems and data.
Essential Responsibilities
Assist the IT and Cyber teams with identification and remediation of vulnerabilities across our traditional on-premises, data center and corporate network environments.
Conduct regular vulnerability assessments using automated scanning tools to identify security weaknesses, out-of-date versions and vulnerable systems across our corporate, data-center and multi-cloud environments.
Analyze scan results and assess vulnerabilities with regard to severity, impact, and potential risk to the organization and collaborate with system owners and IT teams to prioritize and coordinate remediation via patching and/or mitigating controls.
Collaborate with engineering and Quality Assurance (QA) teams to ensure proper Secure Software Development Life Cycle (SSDLC) practices and minimize the release of any vulnerable software through our deployment pipeline.
Assist in developing and updating vulnerability management policies and procedures, and in implementing those processes across our hybrid network environment.
Generate accurate and concise vulnerability assessment reports, including metrics on risk, vulnerability exposure and remediation progress.
Coordinate directly with the threat intelligence and pen-test teams regarding emerging vulnerabilities, active exploits, changes in our attack surface and other factors that influence prioritization and risk.
Assist in planning and reviewing penetration and red-team test results to identify and address vulnerabilities that may not be identified through automated scanning.
Participate in cross-functional meetings to maintain strong communication with IT, networking, systems owners and Managed Service Providers (MSPs) and collaborate with other contributors to ensure timely remediation or mitigation of security risks.
Support our Cyber GRC team to ensure successful compliance with Payment Card (PCI), Sarbanes-Oxley and other required oversight frameworks.
Other duties as assigned.
Minimum Experience and Qualifications
Bachelor's degree in Computer Science, Information Security, or a related field; OR demonstrated capability to perform job responsibilities with a combination of a High School Diploma/GED and at least four (4) years of previous related work experience
At least one (1) year of experience in vulnerability management, information security, or related roles
Proficiency with vulnerability scanning tools such as Nessus, Qualys, Rapid7, or similar
Basic understanding of risk assessment methodologies and ability to evaluate vulnerabilities' potential impact to the business
Familiarity with patch management tools and processes for deploying security updates
Technical understanding of network and system architecture, operating systems, and common vulnerabilities
Excellent written and verbal communication skills
Ability to work collaboratively across teams, including IT, development, and compliance
Detail-oriented approach to analyzing scan results and identifying false positives
Available for occasional overnight travel (10%)
Must pass a ten (10) year background check and pre-employment drug test
Must be legally eligible to work in the country in which the position is located
Authorization to work in the US is required. This position is not eligible for visa sponsorship
Preferred Experience and Qualifications
At least two (2) years of experience in vulnerability management, information security, or related roles
Past experience specifically in Programs beyond/outside of Operating System (OS) and infrastructure level vulnerabilities, e.g. application, container and cloud (GCP, Azure) vulnerability management
Familiarity with security frameworks and standards such as National Institute of Standards and Technology (NIST) Cybersecurity Framework, ISO 27001, or CIS Controls is a plus
Entry-level certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP) Associate, or equivalent are advantageous
Crewmember Expectations:
Regular attendance and punctuality
Potential need to work flexible hours and be available to respond on short-notice
Able to maintain a professional appearance
When working or traveling on JetBlue flights, and if time permits, all capable crewmembers are asked to assist with light cleaning of aircraft
Organizational fit for the JetBlue culture, that is, exhibit the JetBlue values of Safety, Caring, Integrity, Fun and Passion
Promote JetBlue’s #1 value of safety as a Safety Ambassador, supporting JetBlue’s Safety Management System (SMS) components, Safety Policy and behavioral standards
Identify safety and/or security concerns, issues, incidents or hazards that should be reported and report them whenever possible and by any means necessary including JetBlue’s confidential reporting systems (Aviation Safety Action Program (ASAP) or Safety Action Report (SAR))
Equipment:
Computer and other office equipment
Work Environment:
Traditional office environment
Physical Effort:
Generally not required, or up to 10 pounds occasionally, 0 pounds frequently. (Sedentary)
-
Analyst IT Vulnerability Management
2 months ago
Washington, Washington, D.C., United States JetBlue Airways Corporation Full timeAnalyst IT Vulnerability ManagementJetBlue Airways Corporation - Washington, DCPosition Title: Analyst Vulnerability Management - NetworkPosition SummaryAt JetBlue, cyber security is driven by the concepts of Risk Management and Threat-Informed Defense, the study of current threats, actors and techniques to prioritize risks and adapt defenses, controls and...
-
Lead Vulnerability Management Analyst
5 days ago
Washington, Washington, D.C., United States Summit Technologies, Inc. Full timeJob OverviewSummit Technologies, Inc. is seeking a Lead Vulnerability Management Analyst to enhance our IT Security operations. This role involves conducting thorough technical assessments, analyzing vulnerabilities, and implementing effective solutions in the realm of vulnerability management and incident response. The position entails a hybrid work model,...
-
Washington, United States Arcetyp LLC Full timeJob DescriptionJob DescriptionSalary: Arcetyp LLC is a growing small business that provides a broad range of consulting services to US Federal Government, US Military, and Commercial clients. Services include Management & IT Consulting, Program & Project Management, and Professional & Admin Services. We are recruiting to fill a position to lead business...
-
Senior Vulnerability Code Analyst
4 days ago
Washington, United States Educology Solutions Full timeJob DescriptionJob DescriptionSalary: ESI is seeking a Senior Vulnerability Code Analyst to support work for one of our customers.Duties & ResponsibilitiesExtensive knowledge and hands on experience in Ruby-on-Rails.Perform vulnerability code analysis on the code running HBXs platforms.Vulnerability code analysis is expected to be performed prior to...
-
Vulnerability Analyst
4 weeks ago
Washington, United States Govcio LLC Full timeOverview: GovCIO is currently hiring for a Vulnerability Manager. This position is located in Washington, D.C. and has a remote hybrid schedule. Responsibilities: In this role, you will lead the Vulnerability Management Team, that participates in the attack surface reduction of global computing assets through the assessment and remediation of...
-
Vulnerability Analyst
4 weeks ago
Washington, United States Govcio LLC Full timeOverview: GovCIO is currently hiring for a Vulnerability Manager. This position is located in Washington, D.C. and has a remote hybrid schedule. Responsibilities: In this role, you will lead the Vulnerability Management Team, that participates in the attack surface reduction of global computing assets through the assessment and remediation of...
-
Senior Vulnerability Analyst
2 months ago
Washington, United States Summit Technologies, Inc. Full timeJob DescriptionJob DescriptionSummit Technologies, Inc. is looking for a Senior Vulnerability Analyst. You will support IT Security management by conducting technical reviews, analyzing, reporting, and utilizing technical solutions in the areas of vulnerability management, issue analysis, response development and execution. This position requires working 2...
-
Senior Vulnerability Code Analyst
4 days ago
Washington, United States CODICE Full timeJob DescriptionJob DescriptionSalary: $60-$75 per hourPOSITION SUMMARY:CODICE seeks a highly skilled Senior Vulnerability Code Analyst specializing in Ruby-on-Rails to join our team. This role is critical in ensuring the security of our client’s platforms by performing thorough vulnerability code analysis prior to the deployment of every change. The ideal...
-
Senior Vulnerability Code Analyst
2 weeks ago
Washington, United States CODICE Full time $60 - $75Job DescriptionJob DescriptionPOSITION SUMMARY: CODICE seeks a highly skilled Senior Vulnerability Code Analyst specializing in Ruby-on-Rails to join our team. This role is critical in ensuring the security of our client’s platforms by performing thorough vulnerability code analysis prior to the deployment of every change. The ideal candidate will possess...
-
Cybersecurity Vulnerability Analyst
1 week ago
Washington, United States Coalfire Federal Full timeAbout Coalfire FederalCoalfire Federal stands as a premier cybersecurity consultancy, delivering independent and customized guidance, evaluations, technical assessments, and a comprehensive range of cybersecurity engineering services to Federal agency clients. With a robust client portfolio and strong relationships with leading cloud and technology firms,...
-
Vulnerability Management Specialist
1 week ago
Washington, Washington, D.C., United States Govcio LLC Full timePosition Overview: GovCIO is actively seeking a Vulnerability Management Specialist. This role is integral to our mission of enhancing government IT services.Key Responsibilities: As a Vulnerability Management Specialist, you will oversee the Vulnerability Management Team, focusing on minimizing the attack surface of our global computing assets through...
-
Sr SOC Analyst
1 month ago
Washington, United States Indigo IT Full timeSenior SOC Analyst Washington, DC (Hybrid onsite and telework) SUMMARY: Founded in 2001, Indigo IT is an award winning information technology consulting and services company. We are a trusted services provider to government agencies seeking innovative Cloud, Cybersecurity, Knowledge Management, and Enterprise solutions. We know our defense, federal, and...
-
Lead Cybersecurity Vulnerability Analyst
5 days ago
Washington, Washington, D.C., United States Peraton Full timePosition OverviewRole Highlights: Employ advanced tools such as Metasploit and Kali Linux for secure analysis and evaluation of networks and systems, producing comprehensive vulnerability reports for clients. Detect vulnerabilities, evaluate exploitation risks, and document findings to formulate mitigation strategies. Execute penetration testing in...
-
Lead Cybersecurity Vulnerability Analyst
5 days ago
Washington, Washington, D.C., United States Peraton Full timePosition OverviewRole Highlights: Employ advanced tools such as Metasploit and Kali Linux for secure analysis and evaluation of networks and systems, generating comprehensive vulnerability reports for clients. Detect vulnerabilities, evaluate exploitability, and document findings to formulate mitigation strategies. Execute penetration testing in accordance...
-
Lead Cybersecurity Vulnerability Analyst
5 days ago
Washington, Washington, D.C., United States Peraton Full timePosition OverviewRole Highlights: Employ advanced tools such as Metasploit and Kali Linux for the secure evaluation and testing of networks and systems, producing comprehensive vulnerability reports for clients. Detect vulnerabilities, evaluate exploitation potential, and document findings to formulate mitigation strategies. Execute penetration testing in...
-
Lead Cybersecurity Vulnerability Analyst
2 weeks ago
Washington, Washington, D.C., United States Peraton Full timePosition OverviewRole Highlights: Employ advanced tools such as Metasploit and Kali Linux for the secure evaluation and testing of networks and systems, generating comprehensive vulnerability reports for clients. Detect vulnerabilities, evaluate exploitation potential, and document findings to formulate mitigation strategies. Execute penetration testing...
-
Vulnerability Management Support Engineer
3 months ago
Washington, United States Coalfire Federal Full timeCoalfire Federal is a market leading cybersecurity consultancy that provides independent and tailored advice, assessments, technical testing, and a full suite of cybersecurity engineering services to Federal agency customers. Coalfire Federal along with its parent company, Coalfire, has an unparalleled client list with deep customer relationships with...
-
Vulnerability Management Support Engineer
1 month ago
Washington, United States Coalfire Federal Full timeCoalfire Federal is a market leading cybersecurity consultancy that provides independent and tailored advice, assessments, technical testing, and a full suite of cybersecurity engineering services to Federal agency customers. Coalfire Federal along with its parent company, Coalfire, has an unparalleled client list with deep customer relationships with...
-
Management Analyst II
2 months ago
Washington, United States Nationwide IT Services Full timeJob DescriptionJob DescriptionManagement Analyst IIPublic TrustHybrid - 3 days per week on-siteNationwide IT Services (NIS) is seeking a Management Analyst II to support the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Health Care Fraud and Abuse Control Program (HCFAC) in obtaining highly skilled management analyst personnel...
-
Exposure Analyst
5 days ago
Washington, United States XM Cyber Ltd Full timeXM Cyber is a leading hybrid cloud security company that’s changing the way organizations approach cyber risk. XM Cyber transforms exposure management by demonstrating how attackers leverage and combine misconfigurations, vulnerabilities, identity exposures, and more, across cloud and on-prem environments to compromise critical assets. With XM Cyber, you...