Company: JetBlue

Address: Orlando, FL
Category: Information Technology

Job description

 

 

Position Title: Incident Responder – Cyber Security

 

Position Summary

At JetBlue, cyber security operates across a complex IT environment, encompassing traditional data centers, Software as a Service (SaaS) services, multiple cloud providers, and a diverse end-user environment. We are committed to providing robust security for our extensive corporate network and our e-commerce platforms. 

 

We are seeking an experienced Incident Responder who is well versed in the analysis of logs and other technical data, and is comfortable with and capable of executing all stages of incident response. The ideal candidate will possess a strong understanding of both traditional network and e-commerce-oriented security threats, and be comfortable conducting response activities in a hybrid environment with an extensive set of log sources and tools.

Essential Responsibilities

  • Participate in and lead Incident Response efforts with demonstrable competence in all standard phases of the process including Detection, Analysis, Containment, Eradication, Recovery, and post-incident Reporting and Program Improvement.
  • Analyze security logs and telemetry from various sources, including network devices, user endpoints, Content Delivery Networks (CDNs), mail security tools, and traditional and Web Application Firewalls (WAFs).
  • Conduct real-time and retroactive log analysis and threat hunts using a variety of tools including security information and event management (SIEM), endpoint detection and response (EDR) and Network Traffic Analysis platforms as well as through manual artifact review, intelligence enrichment and file/system analysis.
  • Participate in coordinated daily operations via constant interactions with Threat Intelligence, Detection Engineering and Security Monitoring teams.
  • Prepare and manage detailed incident analyses, ensure proper and complete reporting, and track and pursue post-Incident action items to completion. 
  • Contribute to continuous improvement of our Incident Response (IR) program, including by defining/re-defining policies, plans, and procedures and testing them via tabletops, simulations and exercises.
  • Work & collaborate with Security/IT leadership and the legal team to handle discovery-related workflows & notification obligations during Incidents.
  • Work with other Crewmembers and automation tools to improve timely and efficient handling of security Incidents and investigations.
  • Other duties as assigned.

Minimum Experience and Qualifications

  • Bachelor’s Degree in Cyber Security, Computer Science or other relevant discipline; OR demonstrated capability to perform job responsibilities with a High School Diploma/GED and at least four (4) years of previous relevant work experience.
  • Three (3) years of experience in blue team functions such as Security Operations, Incident Response, Threat Detection and Analysis and/or Threat Intelligence at a large company or Security Service Provider.
  • Experience driving complex security incidents through the entire response lifecycle.
  • Strong working knowledge of common threat actor attack patterns and tactics, techniques and procedures (TTPs).
  • Experience communicating Incident Progress and preparing retrospectives suitable for a security-leadership and/or executive audience.
  • Ability to juggle multiple priorities at once.
  • Excellent written and verbal communication skills.
  • Ability to work collaboratively across teams, including IT, development, and compliance.
  • Available and willing to participate in periodic on-call duties and off-hours Incident Response.
  • Available for occasional overnight travel (10%).
  • Must pass a pre-employment drug test.
  • Must be legally eligible to work in the country in which the position is located.
  • Authorization to work in the US is required. This position is not eligible for visa sponsorship.

Preferred Experience and Qualifications

  • Four (4) or more years of experience in blue team functions such as Security Operations, Incident Response, Threat Detection and Analysis and/or Threat Intelligence at a large company or Security Service Provider.
  • Experience running proactive Threat Hunts driven by new intelligence, novel TTPs and your own proactive hypotheses.
  • Willingness and experience leading and mentoring other Crewmembers.
  • Experience planning and running attack simulations, tabletop exercises and purple teaming.
  • Strong sense of urgency and drive - a desire to always be moving forward and improving the craft of incident response.

Crewmember Expectations:

  • Regular attendance and punctuality
  • Potential need to work flexible hours and be available to respond on short notice
  • Able to maintain a professional appearance
  • When working or traveling on JetBlue flights, and if time permits, all capable crewmembers are asked to assist with light cleaning of aircraft
  • Organizational fit for the JetBlue culture, that is, exhibit the JetBlue values of Safety, Caring, Integrity, Fun and Passion
  • Promote JetBlue’s #1 value of safety as a Safety Ambassador, supporting JetBlue’s Safety Management System (SMS) components, Safety Policy, and behavioral standards
  • Identify safety and/or security concerns, issues, incidents or hazards that should be reported and report them whenever possible and by any means necessary including JetBlue’s confidential reporting systems (Aviation Safety Action Program (ASAP) or Safety Action Report (SAR))

Equipment:

  • Computer and other office equipment

Work Environment:

  • Traditional office environment

Physical Effort: 

  • Generally not required, or up to 10 pounds occasionally, 0 pounds frequently. (Sedentary)

 


 

Benefits

Flex hours, Flex vacation
Refer code: 8010472. JetBlue - The previous day - 2024-01-30 06:33
