Application Security Engineer

Job Description

You Lead the Way. We’ve Got Your Back.

At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible - and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.

American Express is seeking an Application Security Engineer with proven, strong technical competence and leadership capability to contribute to the success of enterprise-wide application hardening solutions. The Application Security Engineer plays an integral role in driving the design, implementation and roll-out of application hardening solutions within the enterprise. The Application Security Engineer serves as the technical point of contact for application security hardening and implements security controls within the CI/CD pipeline.

The Application Security Engineer develops and implements application security tools and capabilities that help mitigate threats and vulnerabilities. The Application Security Engineer collaborates closely with development teams, product managers and security teams to ensure applications are appropriately secured and monitored.

Primary Responsibilities

  • Drive the design, implementation and roll-out of enterprise-wide application security solutions.
  • Serve as the subject matter expert for application security hardening solutions.
  • Design and implement application security controls within the CI/CD pipeline.
  • Test and deploy new application security capabilities.
  • Develop web applications and REST APIs to enhance ease of adoption and metrics reporting.
  • Help development teams remediate vulnerabilities by developing solutions and implementing controls.
  • Improve security tools and processes with an emphasis on self-service, automation, performance, and scalability.
  • Develop and maintain security documentation for application hardening.
  • Build strong collaborative partnerships with engineering teams.

Minimum Qualifications

Required Skills/Experience

  • Strong hands-on experience with architecture, design and operation of application hardening solutions.
  • Strong hands-on experience with implementing security controls in the CI/CD pipeline.
  • Strong hands-on experience with common security libraries, implementing application security controls and remediation of security vulnerabilities.
  • Must have a deep understanding of the OWASP Top 10 and CWE Top 25, with a proven track record and experience in implementing and integrating application security controls.
  • Well versed in web, mobile and API security controls.
  • Excellent understanding of web and application server technology stacks.
  • Strong experience with socializing and evangelizing application security capabilities.
  • Strong hands-on experience with containers.
  • Hands-on experience with application security testing tools.
  • 5+ years of application development, testing, and implementation experience in an agile environment.
  • Experience with continuous integration (CI) and continuous delivery (CD) practices.
  • Strong verbal, written, and interpersonal communication skills.

Key Behaviors/Competencies

  • Self-directed, Confident Team Player
  • Strong Technical Thinker
  • Strong Planning, Execution and Collaborative skills
  • Strong Communication Skills: Strong verbal and written communication skills. Ability to document risk and control summary artifacts that translate complex threat models into easy-to-read reports for the business.
  • Openness to Learning: Takes personal responsibility for learning and upskilling. Acquires strategies for gaining new knowledge, behaviors and skills. Builds on and applies existing knowledge. Engages in learning from others, inside and outside the organization.
  • Adaptability: Demonstrates flexibility within a variety of changing situations, while working with individuals and groups. Changes his or her own ideas or perceptions in response to changing circumstances.
  • Business Acumen: Demonstrates an awareness of American Express internal dynamics.

Education

  • Bachelor's degree in computer science, information systems, cybersecurity, or a related field.

Preferred Security Certifications

  • CISSP, SANS GIAC or similar certifications

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.


Tags: #LI-REMOTE
ReqID: 21005077
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Apr 12, 2021, 1:26:37 PM