Information Security Analyst

Get Referred

Job Description

You Lead the Way. We’ve Got Your Back.

At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways.  Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible - and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.

American Express is on a mission to provide the world’s best customer experience every day. Rooted in this vision is the work of the Technology Risk & Information Security organization, empowering the company to delivery superior service through trust, security, and safety. Our culture is centered around passion, curiosity, and courage, enabling you to innovate and evolve a Fortune 100 company. You can help us achieve our mission!


This role will be responsible for assisting with activities designed to systematically handle information security, such as security investigations, intelligence, assurance, and awareness, and/or other project oversight, including developing standard methodologies for information security standards and handling IT controls and compliance with regulatory guidance.

What type of work can you expect to do in Information Security at American Express?

  • Security Incident Response/Threat Intelligence
    • Act as the front line of defense at American Express protecting the brand, employees, assets and card members across the globe against threats 24/7/365
    • Minimize risk of cyber attacks and focus on detection and response to threats
    • Monitor, detect, and respond to security events and incidents that affect AXP globally
  • Infrastructure, Application, and Network Security
    • Drive risk reduction through the rapid identification and remediation of vulnerabilities across the enterprise
    • Deliver secure network solutions that enable secure operations and highly available products and services for our customers
    • Safeguard AXP data, customers, and brand through continuous monitoring and testing of production application environments
  • Data Loss Prevention
    • Protect our customers, partners, and colleagues from the loss of sensitive information through normal business processes and/or malicious actors
    • Monitor and block sensitive data loss where legally permissible
  • Identity and Access Management/Authentication
    • Deliver centralized Enterprise Identity and Access Management products
    • Provide authentication, authorization, and full lifecycle management capabilities
    • Reduce, manage, and monitor risk associated with identity and access to AXP resources
  • Cryptography/Encryption Services
    • Protect all forms of sensitive information, on all platforms, resulting in protection of the Brand and information assets, and regulatory compliance
    • Deliver cryptographic and key management solutions, and manage and operate secure cryptographic platforms
    • Drive continuous enhancement to data protection
  • Governance, Risk, Compliance
    • Bridge traditional boundaries between cyber and IT risk and expanding partnerships with IT and the business to drive risk reduction in the enterprise
    • Innovate Risk Management through enhancements in tooling and automation of processes; expand the capabilities of technology risk management
    • Extend risk management and control expertise beyond the information security domains into IT development organizations and the business

Minimum Qualifications

  • In-depth knowledge of cyber threats along with common security controls, detection capabilities, and other practices / solutions for securing digital environments.  Including packet flows / TCP & UDP traffic, firewall and proxy technologies, anti-virus, intrusion detection/prevention systems and other host-based monitoring, email monitoring and spam technologies, SIEMs, etc.
  • Experience in analyzing malware / hacking tools and threat actor tactics, techniques, and procedures to characterize threat actors’ technical methods for accomplishing their missions.
  • Understanding of what information or assets are of value to threat actors and how organizations are breached.
  • In-depth understanding of modern technical security controls (i.e. firewalls, SIEMS, IPS, HIPS, web proxies).
  • Must have strong verbal and written communication skills; interpersonal collaborative skills; and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
  • Can apply a variety of structured analytic techniques to generate and test a hypothesis, assess cause and effect, challenge analysis, and support decision making.


  • Bachelor's degree or equivalent combination of education and experience preferred.

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.

ReqID: 21006646
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Mar 25, 2021, 6:46:47 PM