American Express Careers
Information Security Specialist- Third Party Risk – Cyber Threat Intelligence
- Identify credible, new intelligence and subject matter resources relative to current/emerging threats.
- Provide subject matter expertise on cyber threats to support current analytic operations and initiatives.
- Coordinate with BUs to perform risk sizing exercise for their respective portfolio of third party vendors.
- Assist with evaluation of tools / technologies to support monitoring capabilities.
- Support execution of technical assessments for in-scope third parties.
- Perform on-going tracking and monitoring of progress, and assist in management reporting on a periodic basis.
KNOWLEDGE / SKILLS
- Knowledge of common security controls, detection capabilities, and other practices / solutions for securing digital environments, to include packet flows / TCP & UDP traffic, firewall and proxy technologies, anti-virus, Intrusion Detection/Prevention Systems and other host-based monitoring, email monitoring and spam technologies, SIEMs, etc.
- Experience in analyzing malware / hacking tools and threat actor tactics, techniques, and procedures to characterize threat actors’ technical methods for accomplishing their missions.
- Basic understanding of forensic analysis on and data captures from networks / packet capture, hosts (volatile/live memory), electronic media, log data, and network devices in support of intrusion analysis or enterprise level information security operations.
- Basic understanding of what information or assets are of value to threat actors and how organizations are breached.
- Understanding of modern technical security controls (i.e. firewalls, SIEMS, IPS, HIPS, web proxies).
- Musthavestrongverbalandwrittencommunicationskills; interpersonal collaborative skills; and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Should have working knowledge in one or more of the following areas:
- Nation State threat actors
- Cyber crime
- Extremist Groups and Cyber Terrorists
- Distributed Denial of Service attacks
- Emerging Threats
- Social Engineering
- Self-motivated team player with the ability to handle multiple work streams and support various team member collaborative projects to completion.
- Proven excellent relationship management skills with all levels of the enterprise are required
- Ability to effectively collaborate across teams
- Ability to quickly come up to speed in any area, sufficient to speak with an informed opinion and create a credible impression with stakeholders
- Ability to identify gaps between one’s skillset and the needs of the team.
- Effectively seeking and utilizing feedback from leaders and mentors to address skill gaps
- Ability to clearly present options and make compelling recommendations, using persuasion to gain agreement or pitch an idea
- Involving the right people to ensure the best decisions are made in a timely manner
- Ability to analyze complex information and identify the most relevant details.
- Being flexible and able to adjust to new needs and new technologies, and to be comfortable with ambiguity
- Strong sense of personal accountability and ability to drive results
- Previous experience at the NSA, DoD, or as a Military Threat Operations team member, Security Researcher, Cyber Threat Researcher, or Cyber Crime investigator preferred.
- 5-7 years’ working in one or more of threat intelligence, Security operations, forensics
EDUCATION / CERTIFICATIONS
- Bachelor's degree or equivalent combination of education and experience preferred
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.
Schedule (Full-Time/Part-Time): Full-time