Analyst IT Vulnerability Management

2 months ago

Washington, Washington, D.C., United States JetBlue Airways Corporation Full time

Analyst IT Vulnerability Management
JetBlue Airways Corporation - Washington, DC
Position Title: Analyst Vulnerability Management - Network

Position Summary
At JetBlue, cyber security is driven by the concepts of Risk Management and Threat-Informed Defense, the study of current threats, actors and techniques to prioritize risks and adapt defenses, controls and resources to those constantly-changing dynamics. The Crewmember in this role is responsible for conducting vulnerability assessments in our traditional on-premises and data center environments, analyzing results, and collaborating with cross-functional teams to ensure timely remediation. Reporting to the Manager of Vulnerability Management, the Analyst will contribute to the effectiveness of our vulnerability management program and assist in safeguarding our systems and data.

Essential Responsibilities

Assist the IT and Cyber teams with identification and remediation of vulnerabilities across our traditional on-premises, data center and corporate network environments.
Conduct regular vulnerability assessments using automated scanning tools to identify security weaknesses, out-of-date versions and vulnerable systems across our corporate, data-center and multi-cloud environments.
Analyze scan results and assess vulnerabilities with regard to severity, impact, and potential risk to the organization and collaborate with system owners and IT teams to prioritize and coordinate remediation via patching and/or mitigating controls.
Collaborate with engineering and Quality Assurance (QA) teams to ensure proper Secure Software Development Life Cycle (SSDLC) practices and minimize the release of any vulnerable software through our deployment pipeline.
Assist in developing and updating vulnerability management policies and procedures, and in implementing those processes across our hybrid network environment.
Generate accurate and concise vulnerability assessment reports, including metrics on risk, vulnerability exposure and remediation progress.
Coordinate directly with the threat intelligence and pen-test teams regarding emerging vulnerabilities, active exploits, changes in our attack surface and other factors that influence prioritization and risk.
Assist in planning and reviewing penetration and red-team test results to identify and address vulnerabilities that may not be identified through automated scanning.
Participate in cross-functional meetings to maintain strong communication with IT, networking, systems owners and Managed Service Providers (MSPs) and collaborate with other contributors to ensure timely remediation or mitigation of security risks.
Support our Cyber GRC team to ensure successful compliance with Payment Card (PCI), Sarbanes-Oxley and other required oversight frameworks.
Other duties as assigned.
Minimum Experience and Qualifications

Bachelor's degree in Computer Science, Information Security, or a related field; OR demonstrated capability to perform job responsibilities with a combination of a High School Diploma/GED and at least four (4) years of previous related work experience
At least one (1) year of experience in vulnerability management, information security, or related roles
Proficiency with vulnerability scanning tools such as Nessus, Qualys, Rapid7, or similar
Basic understanding of risk assessment methodologies and ability to evaluate vulnerabilities' potential impact to the business
Familiarity with patch management tools and processes for deploying security updates
Technical understanding of network and system architecture, operating systems, and common vulnerabilities
Excellent written and verbal communication skills
Ability to work collaboratively across teams, including IT, development, and compliance
Detail-oriented approach to analyzing scan results and identifying false positives
Available for occasional overnight travel (10%)
Must pass a ten (10) year background check and pre-employment drug test
Must be legally eligible to work in the country in which the position is located
Authorization to work in the US is required. This position is not eligible for visa sponsorship
Preferred Experience and Qualifications

At least two (2) years of experience in vulnerability management, information security, or related roles
Past experience specifically in Programs beyond/outside of Operating System (OS) and infrastructure level vulnerabilities, e.g. application, container and cloud (GCP, Azure) vulnerability management
Familiarity with security frameworks and standards such as National Institute of Standards and Technology (NIST) Cybersecurity Framework, ISO 27001, or CIS Controls is a plus
Entry-level certifications such as CompTIA Security+, Certified Information Systems Security Professional (CISSP) Associate, or equivalent are advantageous
Crewmember Expectations:

Regular attendance and punctuality
Potential need to work flexible hours and be available to respond on short-notice
Able to maintain a professional appearance
When working or traveling on JetBlue flights, and if time permits, all capable crewmembers are asked to assist with light cleaning of aircraft
Organizational fit for the JetBlue culture, that is, exhibit the JetBlue values of Safety, Caring, Integrity, Fun and Passion
Promote JetBlue's #1 value of safety as a Safety Ambassador, supporting JetBlue's Safety Management System (SMS) components, Safety Policy and behavioral standards
Identify safety and/or security concerns, issues, incidents or hazards that should be reported and report them whenever possible and by any means necessary including JetBlue's confidential reporting systems (Aviation Safety Action Program (ASAP) or Safety Action Report (SAR))
Equipment:

Computer and other office equipment
Work Environment:

Traditional office environment
Physical Effort:

Generally not required, or up to 10 pounds occasionally, 0 pounds frequently. (Sedentary)

  • Lead Vulnerability Management Analyst

    3 hours ago

    Washington, Washington, D.C., United States Summit Technologies, Inc. Full time

    Job OverviewSummit Technologies, Inc. is seeking a Lead Vulnerability Management Analyst to enhance our IT Security operations. This role involves conducting thorough technical assessments, analyzing vulnerabilities, and implementing effective solutions in the realm of vulnerability management and incident response. The position entails a hybrid work model,...

  • Vulnerability Management Specialist

    5 days ago

    Washington, Washington, D.C., United States Govcio LLC Full time

    Position Overview: GovCIO is actively seeking a Vulnerability Management Specialist. This role is integral to our mission of enhancing government IT services.Key Responsibilities: As a Vulnerability Management Specialist, you will oversee the Vulnerability Management Team, focusing on minimizing the attack surface of our global computing assets through...

  • Lead Cybersecurity Vulnerability Analyst

    8 hours ago

    Washington, Washington, D.C., United States Peraton Full time

    Position OverviewRole Highlights: Employ advanced tools such as Metasploit and Kali Linux for the secure evaluation and testing of networks and systems, producing comprehensive vulnerability reports for clients. Detect vulnerabilities, evaluate exploitation potential, and document findings to formulate mitigation strategies. Execute penetration testing in...

  • Lead Cybersecurity Vulnerability Analyst

    6 days ago

    Washington, Washington, D.C., United States Peraton Full time

    Position OverviewRole Highlights: Employ advanced tools such as Metasploit and Kali Linux for the secure evaluation and testing of networks and systems, generating comprehensive vulnerability reports for clients. Detect vulnerabilities, evaluate exploitation potential, and document findings to formulate mitigation strategies. Execute penetration testing...

  • Lead Cybersecurity Vulnerability Analyst

    6 hours ago

    Washington, Washington, D.C., United States Peraton Full time

    Position OverviewRole Highlights: Employ advanced tools such as Metasploit and Kali Linux for secure analysis and evaluation of networks and systems, producing comprehensive vulnerability reports for clients. Detect vulnerabilities, evaluate exploitation risks, and document findings to formulate mitigation strategies. Execute penetration testing in...

  • Lead Cybersecurity Vulnerability Analyst

    8 hours ago

    Washington, Washington, D.C., United States Peraton Full time

    Position OverviewRole Highlights: Employ advanced tools such as Metasploit and Kali Linux for secure analysis and evaluation of networks and systems, generating comprehensive vulnerability reports for clients. Detect vulnerabilities, evaluate exploitability, and document findings to formulate mitigation strategies. Execute penetration testing in accordance...

  • Cybersecurity Operations Analyst

    5 days ago

    Washington, Washington, D.C., United States RAMPS International Inc. Full time

    Job OverviewPosition: Cybersecurity Operations AnalystDuration: Long-term engagementLocation: RemoteKey Responsibilities:Approximately 5 years of experience in a security analyst role.Establishes and applies security settings for tools aimed at threat detection and prevention.Collaborates with teams to assess and prioritize incident response and...

  • Program Management Analyst Supervisor

    11 hours ago

    Washington, Washington, D.C., United States Department Of Energy Full time

    Position Overview:As a Program Management Analyst Supervisor, you will play a pivotal role in coordinating national initiatives to ensure the resilience of the U.S. energy sector against various emergencies, including natural disasters and cyber threats.Key Responsibilities:Lead efforts in emergency preparedness by engaging in response planning, training,...

  • Information Assurance Analyst

    1 month ago

    Washington, Washington, D.C., United States Excentium, Inc. Full time

    Information Assurance Analyst - SeniorCITIZENSHIP: US Citizenship LOCATION: Remote CLEARANCE: N/AExcentium, Inc. is a Service-Disabled Veteran Owned Small Business (SDVOSB) passionate about reducing the vulnerabilities of our Nation's Cyberspace. Since 2006, we have attacked cyber security challenges on two fronts: by partnering with government to reduce the...

  • Lead Cybersecurity Vulnerability Specialist

    8 hours ago

    Washington, Washington, D.C., United States Peraton Full time

    Position OverviewRole Highlights: Employ advanced tools such as Metasploit and Kali Linux for the secure evaluation and testing of networks and systems, generating comprehensive vulnerability reports for clients. Detect vulnerabilities, evaluate exploit risks, and document findings to formulate mitigation strategies. Execute penetration testing in accordance...

  • Lead Cybersecurity Vulnerability Specialist

    8 hours ago

    Washington, Washington, D.C., United States Peraton Full time

    Position OverviewRole Highlights: Employ advanced tools such as Metasploit and Kali Linux for secure evaluation and testing of networks and systems, generating comprehensive vulnerability reports for clients. Detect vulnerabilities, evaluate exploitation risks, and document findings to inform mitigation strategies. Execute penetration testing in accordance...

  • Management and Program Analyst

    2 months ago

    Washington, Washington, D.C., United States Federal Emergency Management Agency Full time

    What will I do in this position if hired?In this Management and Program Analyst position, you will serve as a lead analyst providing technical oversight of analytical projects.Typical assignments include:Conducting highly technical, difficult or novel management and program reviews and investigations characterized by complex features and the lack of...

  • Technical Targeting Analyst

    5 months ago

    Washington, Washington, D.C., United States Non-Departmental Agency Full time

    Summary Technical Targeting Analysts evaluate technical and scientific data to provide insights that unite technical operations and development activities to maximize intelligence collection strategies.Duties As a Technical Targeting Analyst at CIA, you will enable the Agency to collect intelligence against our nation's highest priority threats in a global...

  • Technical Support Analyst

    6 days ago

    Washington, Washington, D.C., United States ALTA IT Services Full time

    Job OverviewTechnical Support Analyst (Intermediate)ONSITE in Washington DC NWShift: 8:00am – 4:30pmU.S. Citizenship is required due to Federal Government regulations.Ability to pass a Federal background check is necessary for Level 4 Public Trust Clearance. This position requires onsite presence, Monday through Friday. POSITION SUMMARY:The Application and...

  • Supervisory Management and Program Analyst

    4 weeks ago

    Washington, Washington, D.C., United States Federal Emergency Management Agency Full time

    What will I do in this position if hired?This position is being hired in compliance with the Hermit's Peak/Calf Canyon Fire Assistance Act to staff the Hermit's Peak/Calf Canyon Claims Office within FEMA.In this Supervisory Management and Program Analyst position, you will fill a leadership role in the Appeals, Audits, and Arbitration Branch of the Hermit's...

  • Supervisory Management and Program Analyst

    2 months ago

    Washington, Washington, D.C., United States Federal Emergency Management Agency Full time

    What will I do in this position if hired?In this position, you will serve as a second level supervisor over a staff of program analysts, who serve as analysts and advisors to management on the evaluation of agency programs and resulting effectiveness issues.Typical assignments include:Providing advice and recommendations regarding program planning and...

  • Management & Program Analyst

    2 months ago

    Washington, Washington, D.C., United States Federal Emergency Management Agency Full time

    What will I do in this position if hired?In this role as a Management & Program Analyst, you will be supporting the Internal Controls Branch.Typical assignments include:Providing leadership with program evaluation results for program effectiveness Preparing and securing program review authorities' approval for program plans, scheduled and resource...

  • Management and Program Analyst

    4 weeks ago

    Washington, Washington, D.C., United States Federal Emergency Management Agency Full time

    What will I do in this position if hired?In this Management and Program Analyst position, you willTypical assignments include:Leading the development and execution of the stakeholder engagement strategy, goals, objectives, relationships, and outreach activities for the Mitigation Framework Leadership Group (MitFLG) and its Task Forces to support successful...

  • Management Analyst

    1 month ago

    Washington, Washington, D.C., United States Federal Transit Administration Full time

    As a Management Analyst / Program Analyst, you will:Serve as an analyst and advisor to management on the evaluation of the effectiveness of government programs.The ideal candidate for this position is motivated, experienced and self- reliant professional with exceptional analytical abilities, and effective communication and customer service skills.

  • Supervisory Management and Program Analyst

    2 months ago

    Washington, Washington, D.C., United States Federal Emergency Management Agency Full time

    What will I do in this position if hired?This position is being hired in compliance with the Hermit's Peak/Calf Canyon Fire Assistance Act to staff the Hermit's Peak/Calf Canyon Fire Claims Office within FEMA.In this Supervisory Management and Program Analyst position, you will lead the development and implementation of policies and doctrine to support the...