The Architect develops, documents, and disseminates information security architectural standards across all of JetBlue’s Information Technology groups. The Architect provides direction to project teams on building the appropriate information security controls into systems in development. The Architect provides direction to system engineers on improving and maintaining the appropriate information security controls for production systems. The Architect is responsible for driving the implementation and adoption of key information security tools.
- Ensures that information security policies, multi-year strategies, standards, procedures, and best practices are developed and communicated with JetBlue's IT Leadership
- Develop and execute data security architecture framework
- Define and research information security standards; vulnerability analyses and risk assessments; reviewing architecture platforms, applications and integration issues.
- Participates in Project Management activities to manage IT Security programs and initiatives;
- Participate on the IT Architectural Review Board to drive overall technology direction for JetBlue.
- Participates in the development and delivery of a comprehensive information security training program that provides the appropriate training for all crewmembers.
- Works with internal and external Auditors to assess compliance with policies, standards, procedures, and best practices.
- Review and evaluate firewall change requests.
- Other duties as assigned
Minimum Experience and Qualifications
- Bachelors in Computer Science.
- Four (4) years information technology experience.
- Four (4) years information security experience.
- Experience delivering comprehensive architecture specifications
- Experience providing data protection and web application firewalls
- Must be able to work in a team environment as a productive and cordial team player
- Must be able to multi-task and prioritize in a fast paced multi-team environment
- Ability to present to a variety of audiences
- Ability to work to deadlines with quick turnaround
- Ability to handle confidential information with professionalism and diplomacy
- Must pass a ten (10) year background check and pre-employment drug test
- Must be legally eligible to work in the country in which the position is located
Preferred Experience and Qualifications
- CISSP certified (or equivalent).
- Knowledge of Information security principles.
- Understands the concepts of and techniques for secure programming.
- Knowledge of security vulnerabilities/weaknesses - fundamental causes of vulnerabilities through which most attacks are exploited.
- Able to recognize and categorize the most common types of vulnerabilities and associated attacks.
- Familiarity of network Protocols including IP, TCP, UDP, ICMP, ARP, RARP, TFTP, FTP, HTTP, HTTPS, SNMP, and SMTP. Understand how these protocols work, what they are used for, the differences between them, some of the common weaknesses, etc.
- Understanding of information security risk analysis.
- Knowledge of network applications and services – expertise in the purpose of the application or service, how it works, common usage, secure configurations, and the common types of threats or attacks against the application or service, as well as mitigation strategies.
- Host/System Security Issues – expertise in security issues at a host level for the various types of operating systems (Windows and UNIX). Experience in using the operating system (user security issues) and some familiarity in managing and maintaining the operating system as an administrator.
- Malicious Code (Viruses, Worms, Trojan Horse programs) – expertise in not only how malicious code is propagated through some of the obvious methods (disks, email, programs, etc.) but also how it can propagate through other means such as PostScript, Word macros, MIME, peer-to-peer file sharing, or boot-sector viruses.
- Understanding/Identifying Intruder Techniques - must be able to recognize known intrusion techniques based on the footprints or artifacts left by different types of attack in the incident reports. Know the appropriate methods to protect against these known attack techniques and the risks associated with the attacks. Analysis of and correlation between incidents to notice what has not been seen before.
- Regular attendance and punctuality
- Potential need to work flexible hours and be available to respond on short-notice
- Well groomed and able to maintain a professional appearance
- When working or traveling on JetBlue flights, and if time permits, all capable crewmembers are asked to assist with light cleaning of the aircraft
- Must be an appropriate organizational fit for the JetBlue culture, that is, exhibit the JetBlue values of Safety, Caring, Integrity, Passion and Fun
- Computer and other office equipment
- Normal Office Environment
- Generally not required, or up to 10 pounds occasionally, 0 pounds frequently. (Sedentary
Disclaimer: The above statements are intended to describe the general nature and level of work being performed by the crewmember(s) assigned to this position. They are not intended to be an exhaustive list of all responsibilities, duties, and skills required of individuals in this position. Position Expectations may be subject to change as the needs of the organization change.
JetBlue Airways Corp. is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, marital status, veteran status, sexual orientation, gender identity or expression, disability status, pregnancy, genetic information, citizenship status or any other characteristic protected by law. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.