Position Title: Senior Incident Responder – Cyber Security
Position Summary
At JetBlue, cybersecurity operates across a complex IT environment, encompassing traditional data centers, Software as a Service (SaaS) services, multiple cloud providers, and a diverse end-user environment. We are committed to providing robust security for our extensive corporate network and our e-commerce platforms.
We are seeking a Senior Incident Responder to enhance our cybersecurity Incident Response (IR) program. This role is pivotal in coordinating with internal teams, Leadership and Managed Service partners to manage complex security incidents and drive long-term improvements in our IR Program maturity.
The ideal candidate will possess both strong technical skills and knowledge regarding traditional network and e-commerce-oriented security threats, while also bringing the ability to manage and communicate effectively during high-stress Security Incidents.
Essential Responsibilities
- Perform in-depth analysis of security logs and telemetry from a diverse range of sources, including endpoint, network, cloud and e-commerce systems, to identify and help contain Security Incidents.
- Lead and manage all phases of incident response: working with internal peers, Security Leadership and 24x7 Managed Service providers, you will undertake and guide activities through Detection, Analysis, Containment, Eradication, Recovery, and Post-Incident Reporting.
- Direct and conduct both real-time and retroactive log analysis, threat hunting, and intelligence-driven investigations using advanced tools and manual techniques.
- Contribute to a daily operations tempo in coordination with Threat Intelligence, Detection Engineering, and Security Monitoring teams.
- Assist in driving maturity, automation and sophistication in IR processes through use of orchestration tools, integrations and your own subject-matter expertise.
- Prepare comprehensive incident reports and retrospectives for executive and security-leadership audiences, while managing post-incident action items to conclusion.
- Lead the continuous improvement of the IR program, including policy and procedure development, and scheduling and management of simulations, tabletop exercises, and drills.
- Collaborate with Security/IT leadership and legal teams on discovery workflows and incident notification protocols.
- Mentor and guide less experienced team members in incident handling and investigations.
- Other duties as assigned.