Position Title: Incident Responder – Cyber Security
Position Summary
At JetBlue, cyber security operates across a complex IT environment, encompassing traditional data centers, Software as a Service (SaaS) services, multiple cloud providers, and a diverse end-user environment. We are committed to providing robust security for our extensive corporate network and our e-commerce platforms.
We are seeking an experienced Incident Responder who is well-versed in the analysis of logs and other technical data and is comfortable and capable of executing all stages of incident response. The ideal candidate will possess a strong understanding of both traditional network and e-commerce-oriented security threats, and be comfortable conducting response activities in a hybrid environment with an extensive set of log sources and tools.
Essential Responsibilities
- Participate in and lead Incident Response efforts with demonstrable competence in all standard phases of the process including Detection, Analysis, Containment, Eradication, Recovery, and post-incident Reporting and Program Improvement.
- Analyze security logs and telemetry from various sources, including network devices, user endpoints, Content Delivery Networks (CDNs), mail security tools, and traditional and Web Application Firewalls (WAFs).
- Conduct real-time and retroactive log analysis and threat hunts using a variety of tools including security information and event management (SIEM), endpoint detection and response (EDR) and Network Traffic Analysis platforms as well as through manual artifact review, intelligence enrichment and file/system analysis.
- Participate in coordinated daily operations via constant interactions with Threat Intelligence, Detection Engineering and Security Monitoring teams.
- Prepare and manage detailed incident analyses, ensure proper and complete reporting, and track and pursue post-Incident action items to completion.
- Contribute to continuous improvement of our Incident Response (IR) program, including defining and refining policies, plans, and procedures and testing them via tabletops, simulations and exercises.
- Work & collaborate with Security/IT leadership and the legal team to handle discovery-related workflows & notification obligations during Incidents.
- Work with other Crewmembers and automation tools to improve timely and efficient handling of security Incidents and investigations.
- Other duties as assigned.