Information Security Specialist

Get Referred

Job Description

You Lead the Way. We’ve Got Your Back. 


At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways.  Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible - and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.

It’s more than protecting systems and data.

It’s protecting people.


Our Information Security Managers know that security is a top priority for our business and our partners and customers. Today, as cyber-attacks increase and compliance is more rigorously enforced, we look to them to stay ahead of what’s next and to protect our business and our future.  So if you are dedicated to the latest technology and motivating others, secure your career here.


Distributed Directory Services resides in the center of the Identity & Access Management organization.  It lies within the technical architecture as well as within the core components of the concepts of IAM.  The IAM Directory Services team has a global responsibility to provide service and support for the American Express Enterprise Directory with more than 100,000 users.


The Information Security Specialist– Distributed Directory Services Architecture/Engineering & Operations reports to the Director of IAM Directory Services and will have operational and architectural oversight of American Express Enterprise Directory environment and associated management infrastructure.


We are looking for a highly skilled architecture / operations and performance subject matter expert who can provide strategic guidance and future vision regarding all aspects of daily operations and maintenance of the American Express Active Directory environment.  You will be responsible for participating in the development of the enterprise directory services strategy.  You will help to lead the operations team members by providing innovative solutions to improve the security and management of the Active Directory infrastructure.  You will work with the team to challenge the status quo, constantly evaluate the current industry trends, and bring new capabilities to the Identity and Access Management organization. 


Essential Functions:


  • Provide senior level leadership (document, develop, plan, execute) of Active Directory Architecture / Operations and performance controls.
  • Act as a senior technical SME in the areas of Active Directory -  administration, infrastructure, process, procedures, monitoring, and projects.
  • Provide senior technical expertise when necessary to maintain the Active Directory environment.
  • Act as a manager between the Business Partner and vendor technical contacts.
  • Provide leadership for a team of skilled SMEs in resolution of complex Active Directory service issues.
  • Clearly communicate to key stakeholders including senior leadership and internal/external audit teams.
  • Promote and work with team members to implement process improvement initiatives.
  • Manage expectations across functional teams, providing direction and leadership oversight in a matrix organization.


Minimum Qualifications

The ideal candidate will have the following experience and qualifications: 

  • Bachelor’s degree in Engineering, Computer Science, Information Systems or other related field or has equivalent work experience
  • Microsoft certifications including Microsoft Certified Systems Engineer (MCSE)
  • 3 or more years in a role with a primary focus of managing, maintaining, and securing a global Active Directory infrastructure
  • Implementing Active Directory security best practices including:
    • Principle of least privilege.
    • Securing privileged access.
    • Credential theft prevention.
    • Reducing the attack surface.
    • Implementing/maintaining secure administrative hosts.
    • Securing domain controllers.
    • Monitoring for signs of compromise.
  • Ability to write complex PowerShell automation scripts.
  • Integration of non-Windows (Linux, MAC, etc.) computers with Active Directory.
  • Ability to think, communicate clearly, and make sound decisions while under pressure in a fast-moving environment.
  • In-depth knowledge of and experience with:
    • Authentication protocols such as Kerberos, NTLM, OAuth, etc.
    • Protocol security hardening such as UNC, SMB, LDAP, etc.
    • LDAP
    • Group Policy
    • DNS
    • Domain controller health monitoring and troubleshooting.
    • Domain controller performance monitoring and troubleshooting.
    • Certificate services, PKI, and encryption.
    • Sites and Services
  • Information Security experience, certification, or a high level of Information Security Awareness.
  • Experience in prevailing industry architecture operations methodologies
  • Possess ability to translate technical issues into understandable business language for end users and solution for those issues long-term
  • Must be highly articulate (both written and verbal) and have the ability to clearly communicate to key leadership personnel and stakeholders including internal/external audit teams
  • Preferred experience working with vendor teams to provide support and systems integration
  • Preferred experience with operational tools such as MS Systems Center.
  • Preferred experience in highly regulated environments
  • Team player with a positive attitude and ability to work nights and weekends for troubleshooting as needed
  • Experience with Quest ARS and GPOADmin is a plus
  • Demonstrated ability to deliver on time and on budget
  • Institutional Knowledge of our customers both inside and outside of the Technology organization is a plus
  • Security Certifications such as CISSP, CISA, CISM is a plus


At the core of Information Security Management.


Every member of our team must be able to demonstrate the following technical, functional, leadership and business core competencies, including: 

  • Agile Practices
  • Emerging Technologies
  • Business Process Improvement
  • Business Risk Management
  • Analytical Thinking
  • Coaching and Mentoring
  • Business Case Development
  • Industry and Company Knowledge

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.


American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law. 

ReqID: 20008971
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Jan 8, 2021, 12:26:54 PM