Analyst IT Vulnerability Management

Analyst IT Vulnerability Management

Location: Long Island City, NY, US, 11101 Washington, DC, US, 20005 Orlando, FL, US, 32827 Salt Lake City, UT, US, 84121 Req ID: 58229 Category: Information Technology

Position Summary: At JetBlue, cybersecurity is driven by risk management, threat-informed defense, and operational resilience. The Analyst, Vulnerability Management - Cloud supports JetBlue's vulnerability management program across cloud-hosted infrastructure, cloud control planes, containers, infrastructure as code, and application-adjacent cloud services. This crewmember identifies, analyzes, validates, reports, and coordinates remediation of cloud vulnerabilities and misconfigurations across JetBlue's multi-cloud environment, including AWS, Azure, GCP, OCI, and future cloud platforms as adopted. The analyst works closely with Cybersecurity, Cloud Engineering, DevOps, Infrastructure, Application, Product, GRC, Threat Intelligence, and Managed Service Provider teams to improve vulnerability visibility, remediation accountability, and risk-based prioritization.

Essential Responsibilities:

• Conduct and support vulnerability assessments across cloud-hosted infrastructure, cloud configurations, containers, Kubernetes, infrastructure as code, application components, and related cloud services.
• Use approved vulnerability management, cloud security, CSPM/CNAPP, container, code-scanning, and external attack-surface tools to identify vulnerabilities, misconfigurations, exposed services, outdated software, and insecure deployment patterns.
• Analyze findings using severity, exploitability, CISA KEV status, exposure, asset criticality, data sensitivity, compensating controls, and business impact.
• Coordinate with cloud engineering, DevOps, application, infrastructure, and product owners to prioritize and track remediation through patching, configuration changes, code changes, image updates, infrastructure-as-code changes, or compensating controls.
• Validate remediation through rescans, evidence review, configuration review, ticket closure checks, or other approved verification methods.
• Assist with authenticated scan coverage, agent deployment coordination, cloud account onboarding, asset tagging, ownership validation, and CMDB/application mapping.
• Support remediation governance by tracking findings against JetBlue policy timelines and escalating overdue, disputed, or blocked remediation items.
• Collaborate with engineering and QA teams to ensure proper Software Development Life Cycle (SDLC) practices and minimize the release of vulnerable software through the deployment pipeline.
• Route non-remediated or delayed findings through the approved cyber risk exception/acceptance process when required.
• Configure and maintain vulnerability metrics and reporting for cloud findings, remediation progress, risk exposure, aging, coverage gaps, recurring issues, and exception trends.
• Partner with Threat Intelligence, Detection & Response, Penetration Testing, and Application Security teams to incorporate active exploitation, external exposure, attack path, and test-result context into prioritization.
• Support Cyber compliance requirements with evidence, reporting, and control validation for PCI, SOX, TSA-related obligations, and other applicable oversight frameworks.
• Participate in cross-functional working sessions to improve cloud vulnerability remediation processes, reduce direct exposure, strengthen compensating controls, and improve cloud security visibility.

Minimum Experience and Qualifications:

• Bachelor's Degree in Computer Science, Information Security, Information Technology, Cybersecurity, Cloud Computing, or a related field; OR demonstrated capability to perform job responsibilities with a High School Diploma/GED and at least four (4) years of previous relevant work experience.
• One (1) year of experience in vulnerability management, cloud security, security operations, infrastructure security, DevOps, application security, or a related cybersecurity role.
• Working knowledge of at least one major cloud provider; AWS/Azure preferred.
• Experience with vulnerability scanning tools such as Tenable, Qualys, Rapid7, Prisma Cloud, Wiz, Defender for Cloud, AWS Inspector, or similar.
• Understanding of cloud shared responsibility models, cloud networking, identity, compute, storage, containers, Kubernetes, and infrastructure-as-code concepts.
• Ability to analyze scan results, identify false positives, validate risk, and communicate remediation needs clearly.
• Knowledge of vulnerability risk factors such as CVSS, exploitability, internet exposure, asset criticality, data sensitivity, compensating controls, and remediation timelines.
• Familiarity with patch management, configuration remediation, change management, and remediation validation.
• Strong written and verbal communication skills with the ability to interact effectively with stakeholders across all levels of the organization.
• Ability to work collaboratively with Cybersecurity, IT, DevOps, infrastructure, product, application, compliance, and managed service provider teams.

Available for occasional overnight travel (10%). Must pass a pre-employment drug test. Must be legally eligible to work in the country in which the position is located. Authorization to work in the United States is required; this position is not eligible for visa sponsorship.

Compensation: The base pay range for this position is between $70,000.00 and $120,000.00 per year. Base pay is one component of JetBlue's total compensation package, which may also include access to healthcare benefits, a 401(k) plan and company match, crewmember stock purchase plan, short-term and long-term disability coverage, basic life insurance, free space available travel on JetBlue, and more.

JetBlue Airways is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status, or any other legally protected basis.