Senior Incident Responder

JetBlue Airways Corporation
Washington, DC, United States
Full-time

Position Title: Senior Incident Responder - Cyber Security

Position Summary

At JetBlue, cybersecurity operates across a complex IT environment, encompassing traditional data centers, Software as a Service (SaaS) services, multiple cloud providers, and a diverse end-user environment.

We are committed to providing robust security for our extensive corporate network and our e-commerce platforms.

We are seeking a Senior Incident Responder to enhance our cybersecurity Incident Response (IR) program. This role is pivotal in coordinating with internal teams, Leadership and Managed Service partners to manage complex security incidents and drive long-term improvements in our IR Program maturity.

The ideal candidate will possess both strong technical skills and knowledge regarding traditional network and e-commerce-oriented security threats, while also bringing the ability to manage and communicate effectively during high-stress Security Incidents.

Essential Responsibilities

  • Perform in-depth analysis of security logs and telemetry from a diverse range of sources, including endpoint, network, cloud and e-commerce systems to identify and help contain Security Incidents.
  • Lead and manage all phases of incident response: Working with Internal peers, Security Leadership and 24x7 Managed Service providers, you will undertake and guide activities through Detection, Analysis, Containment, Eradication, Recovery, and Post-Incident Reporting.
  • Direct and conduct both real-time and retroactive log analysis, threat hunting, and intelligence-driven investigations using advanced tools and manual techniques.
  • Contribute to a daily operations tempo in coordination with Threat Intelligence, Detection Engineering, and Security Monitoring teams.
  • Assist in driving maturity, automation and sophistication in IR processes through use of orchestration tools, integrations and your own subject-matter expertise.
  • Prepare comprehensive incident reports and retrospectives for executive and security-leadership audiences, while managing post-incident action items to conclusion.
  • Lead the continuous improvement of the IR program, including policy and procedure development, and scheduling and management of simulations, tabletop exercises, and drills.
  • Collaborate with Security / IT leadership and legal teams on discovery workflows and incident notification protocols.
  • Mentor and guide less experienced team members in Incident handling and investigations.
  • Other duties as assigned.

Minimum Experience and Qualifications

  • Bachelor's Degree in Cyber Security, Computer Science or other relevant discipline; OR demonstrated capability to perform job responsibilities with a High School Diploma / GED and at least four (4) years of previous relevant work experience.
  • Three (3) years of experience in blue team functions such as Security Operations, Incident Response, Threat Detection and Analysis, and / or Threat Intelligence, preferably in a large enterprise or Security Service Provider.
  • Proven track record of managing complex security incidents through the entire lifecycle.
  • In-depth knowledge of advanced threat actor tactics, techniques, and procedures (TTPs).
  • Expertise in communication and collaboration during Incidents and retrospectives, working effectively with both technical and executive audiences.
  • Demonstrated ability to lead multiple investigations or cases simultaneously.
  • Availability for on-call duties and off-hours Incident Response as needed.
  • Available for occasional overnight travel (10%).
  • Must pass a ten (10) year background check and pre-employment drug test.
  • Must be legally eligible to work in the country in which the position is located.
  • Authorization to work in the US is required. This position is not eligible for visa sponsorship.

Preferred Experience and Qualifications

  • Six (6) years of experience in blue team functions such as Security Operations, Incident Response, Threat Detection and Analysis, and / or Threat Intelligence, preferably in a large enterprise or Security Service Provider.
  • Demonstrated experience managing Incidents in a mixed-team environment with internal and Managed-Service teams.
  • Expertise in designing and conducting attack simulations, tabletop exercises, and purple team exercises.
  • A proactive and driven approach, with a strong commitment to advancing the field of Incident Response.

Crewmember Expectations:

  • Regular attendance and punctuality
  • Potential need to work flexible hours and be available to respond on short-notice
  • Able to maintain a professional appearance
  • When working or traveling on JetBlue flights, and if time permits, all capable crewmembers are asked to assist with light cleaning of aircraft
  • Organizational fit for the JetBlue culture, that is, exhibit the JetBlue values of Safety, Caring, Integrity, Fun and Passion
  • Promote JetBlue's #1 value of safety as a Safety Ambassador, supporting JetBlue's Safety Management System (SMS) components, Safety Policy and behavioral standards
  • Identify safety and / or security concerns, issues, incidents or hazards that should be reported and report them whenever possible and by any means necessary including JetBlue's confidential reporting systems (Aviation Safety Action Program (ASAP) or Safety Action Report (SAR))

Equipment:

Computer and other office equipment

Work Environment:

Traditional office environment

Physical Effort:

Generally not required, or up to 10 pounds occasionally, 0 pounds frequently. (Sedentary)


JetBlue Airways is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

22 days ago