Associate Analyst IT Incident Response

At JetBlue, cyber security operates across a complex IT environment, encompassing traditional data centers, Software as a Service (SaaS) services, multiple cloud providers, and a diverse end-user environment. We are committed to providing robust security for our extensive corporate network and our e-commerce platforms. 

We are seeking an entry-level Incident Responder to support our Incident Response (IR) team in managing and investigating alerts escalated from our Tier 1 Security Monitoring team.  The ideal candidate will possess a good working understanding of both traditional network and e-commerce-oriented security threats, and be comfortable conducting Response activities in a hybrid environment with an extensive set of log sources and tools. 

Essential Responsibilities

• Monitor and analyze network traffic, system logs, and escalated alerts from security tools including firewalls, endpoints and IDS/IPS to detect signs of suspicious or malicious activity.
• Analyze telemetry from various sources, including network devices, user endpoints, Content Delivery Networks (CDNs), mail security tools, and traditional and Web Application Firewalls (WAFs) to identify malicious activity.
• Assist in the investigation and resolution of security incidents, including malware infections, phishing attacks, and unauthorized access.
• Participate in coordinated daily operations via constant interactions with Threat Intelligence, Detection Engineering and Security Monitoring teams.
• Author custom dashboards and content across various security tools, e.g. SIEM.
• Ensure playbooks, case management and process documentation stay current.
• Maintain detailed documentation of security incidents including timelines, findings, and remediation steps; track post-incident action items and keep metrics on completion.
• Work with other crewmembers and automation tools to improve timely and efficient handling of security Incidents and investigations.
• Other duties as assigned.

Minimum Experience and Qualifications

• Bachelor’s degree in Cyber Security, Computer Science or other relevant discipline; OR demonstrated capability to perform job responsibilities with a combination of a High School Diploma/GED and at least four (4) years of previous relevant work experience.
• One (1) year of relevant work experience on a Security Operations or Incident Response team.
• Hands-on experience with malware reverse engineering processes and tools (e.g. Ghidra, IDA).
• Demonstrated experience with forensic analysis and packet analysis processes and tools (e.g. Autopsy, Wireshark).
• Understanding of TCP/IP, DNS, HTTP, and other network protocols and the role of each in threat analysis and Incident Response.
• Demonstrable ability to analyze disparate data sources such as network logs, endpoint activity and email data to understand attack vectors and assess damage from an Incident.
• Demonstrable skill creating queries and dashboards using the Splunk SIEM and the SPL language.
• Hands-on experience triaging Incidents across Windows, Mac and Linux endpoints and cloud environments (Azure, GCP and/or AWS).
• Strong problem-solving and analytical skills, with the ability to work in a team environment.
• Ability to demonstrate deep level of critical thinking.
• Ability to pass a live skills demonstration on-site with JetBlue crewmembers.
• Coding experience in scripting languages such as PowerShell, Python.
• Excellent written and verbal communication skills.
• Available and willing to participate in periodic on-call duties and off-hours Incident Response.
• Available for occasional overnight travel (10%).
• Must pass a ten (10) year background check and pre-employment drug test.
• Must be legally eligible to work in the country in which the position is located.
• Authorization to work in the US is required. This position is not eligible for visa sponsorship.

Preferred Experience and Qualifications

• Airline or transportation industry experience in “Blue Team” functions such as Security Operations, Incident Response, Threat Detection or Threat Intelligence at a large company or Managed Service Provider.
• Strong working knowledge of common threat actor attack patterns and tactics, techniques and procedures (TTPs), Indicators of Attack and Indicators of Compromise and using these in proactive threat hunting.
• Strong sense of urgency and drive - a desire to always be moving forward and improving the craft of incident response.

Crewmember Expectations:

• Regular attendance and punctuality
• Potential need to work flexible hours and be available to respond on short-notice
• Able to maintain a professional appearance
• When working or traveling on JetBlue flights, and if time permits, all capable crewmembers are asked to assist with light cleaning of aircraft
• Must be an appropriate organizational fit for the JetBlue culture, that is, exhibit the JetBlue values of Safety, Caring, Integrity, Fun and Passion
• Promote JetBlue’s #1 value of safety as a Safety Ambassador, supporting JetBlue’s Safety Management System (SMS) components, Safety Policy, and behavioral standards
• Identify safety and/or security concerns, issues, incidents or hazards that should be reported and report them whenever possible and by any means necessary including JetBlue’s confidential reporting systems (Aviation Safety Action Program (ASAP) or Safety Action Report (SAR))
• Note: The use of ChatGPT or any other automated tool during the interview process will disqualify a candidate from being considered for the position.

Equipment:

• Computer and other office equipment

Work Environment:

• Traditional office environment

Physical Effort: 

• Generally not required, or up to 10 pounds occasionally, 0 pounds frequently. (Sedentary)

#LI-AC1

#LI-Hybrid