JetBlue is a leading airline company that emphasizes cybersecurity through risk management and operational resilience. The Analyst, Vulnerability Management - Cloud plays a crucial role in supporting the company's vulnerability management program by identifying, analyzing, and coordinating remediation of cloud vulnerabilities across its multi-cloud environment.
Conduct and support vulnerability assessments across cloud-hosted infrastructure, cloud configurations, containers, Kubernetes, infrastructure as code, application components, and related cloud services
Use approved vulnerability management, cloud security, CSPM/CNAPP, container, code-scanning, and external attack-surface tools to identify vulnerabilities, misconfigurations, exposed services, outdated software, and insecure deployment patterns
Analyze findings using severity, exploitability, CISA KEV status, exposure, asset criticality, data sensitivity, compensating controls, and business impact
Coordinate with cloud engineering, DevOps, application, infrastructure, and product owners to prioritize and track remediation through patching, configuration changes, code changes, image updates, infrastructure-as-code changes, or compensating controls
Validate remediation through rescans, evidence review, configuration review, ticket closure checks, or other approved verification methods
Assist with authenticated scan coverage, agent deployment coordination, cloud account onboarding, asset tagging, ownership validation, and CMDB/application mapping
Support remediation governance by tracking findings against JetBlue policy timelines and escalating overdue, disputed, or blocked remediation items
Collaborate with engineering and QA teams to ensure proper Software Development Life Cycle (SDLC) practices and minimize the release of vulnerable software through the deployment pipeline
Route non-remediated or delayed findings through the approved cyber risk exception / acceptance process when required
Configure and maintain vulnerability metrics and reporting for cloud findings, remediation progress, risk exposure, aging, coverage gaps, recurring issues, and exception trends
Partner with Threat Intelligence, Detection & Response, Penetration Testing, and Application Security teams to incorporate active exploitation, external exposure, attack path, and test-result context into prioritization
Support Cyber compliance requirements with evidence, reporting, and control validation for PCI, SOX, TSA-related obligations, and other applicable oversight frameworks
Participate in cross-functional working sessions to improve cloud vulnerability remediation processes, reduce direct exposure, strengthen compensating controls, and improve cloud security visibility
Other duties as assigned
Qualification
Required
Bachelor's Degree in Computer Science, Information Security, Information Technology, Cybersecurity, Cloud Computing, or a related field; OR demonstrated capability to perform job responsibilities with a High School Diploma/GED and at least four (4) years of previous relevant work experience
One (1) year of experience in vulnerability management, cloud security, security operations, infrastructure security, DevOps, application security, or a related cybersecurity role
Working knowledge of at least one major cloud provider; AWS/Azure preferred
Experience with vulnerability scanning tools such as Tenable, Qualys, Rapid7, Prisma Cloud, Wiz, Defender for Cloud, AWS Inspector, or similar
Understanding of cloud shared responsibility models, cloud networking, identity, compute, storage, containers, Kubernetes, and infrastructure-as-code concepts
Ability to analyze scan results, identify false positives, validate risk, and communicate remediation needs clearly
Knowledge of vulnerability risk factors such as CVSS, exploitability, internet exposure, asset criticality, data sensitivity, compensating controls, and remediation timelines
Familiarity with patch management, configuration remediation, change management, and remediation validation
Strong written and verbal communication skills with the ability to interact effectively with stakeholders across all levels of the organization
Ability to work collaboratively with Cybersecurity, IT, DevOps, infrastructure, product, application, compliance, and managed service provider teams
Available for occasional overnight travel (10%)
Must pass a pre-employment drug test
Must be legally eligible to work in the country in which the position is located
Authorization to work in the United States is required; this position is not eligible for visa sponsorship
Preferred
Two (2) years of experience in vulnerability management, cloud security, DevSecOps, infrastructure security, or application security
Experience with CSPM, CNAPP, CWPP, container scanning, code scanning, IaC scanning, or external attack surface management
Working knowledge of AWS Systems Manager, Azure Update Manager, cloud-native patching tools, or enterprise patch platforms
Understanding of Kubernetes, container registries, golden images, base-image maintenance, and CI/CD security gates
Experience using Terraform, CloudFormation, ARM/Bicep, Kubernetes manifests, or other infrastructure-as-code technologies
Knowledge of NIST CSF, CIS Controls, CIS Benchmarks, PCI DSS, TSA cybersecurity requirements, ISO 27001, or similar standards
Certifications such as Security+, CySA+, AWS Security Specialty, Azure Security Engineer, Google Professional Cloud Security Engineer, CCSK, CCSP, or equivalent
Benefits
Access to healthcare benefits
A 401(k) plan and company match
Crewmember stock purchase plan
Short-term and long-term disability coverage
Basic life insurance
Free space available travel on JetBlue
JetBlue — New York's Hometown Airline — was born at JFK in 1999 with the mission of bringing humanity back to air travel, and is now a leading carrier in NYC, Boston, Fort Lauderdale, Orlando, and San Juan.
Founded in 1998
Long Island City, New York, USA
10001+ employees
http://www.jetblue.com/