American Express Careers

Director Information Security- Advanced Red Team

Phoenix, Arizona
Digital Commerce Technology

Apply Get Referred

Job Description

American Express has been making a difference in people’s lives for over 160 years, backing them in moments big and small, granting access, tools, and resources to take on their biggest challenges and reap the greatest rewards.


We’ve also made a difference in the lives of our people, providing a culture of learning and collaboration, and helping them with what they need to succeed and thrive. We have their backs as they grow their skills, conquer new challenges, or even take time to spend with their family or community. And when they’re ready to take on a new career path, we’re right there with them, giving them the guidance and momentum into the best future they envision.


Because we believe that the best way to back our customers is to back our people.


The powerful backing of American Express.

Don’t make a difference without it.

Don’t live life without it.

The Cyber Intelligence organization in Information Security supports American Express's vision to be the World's most respected brand. Our mission is to create and maintain controls that stop attacks early and prevent many attacks from ever occurring by leveraging high quality threat intelligence and conducting sophisticated testing with the Advanced Red Team to directly reduce cyber risk, and to actively partner with industry to strengthen the financial services sector's readiness and resilience to adverse cyber events. American Express is the world's premier service company, and the largest credit card issuer by purchase volume. We're also an equal opportunity employer, made up of people from many diverse backgrounds, lifestyles and locations. From our high employee satisfaction ratings to our many workplace awards, American Express is consistently recognized as a great place to work by people around the world. 


American Express is currently seeking a Director for the Advanced Red Team role.

This position will be reporting to the VP of Information Security. 

The successful candidate for this position will be part of an exciting and dynamic environment to build and deliver next generation advanced threat actor simulation capabilities to continuously protect and defend American Express systems and data. The Advanced Red Team is part of the overall IT Risk and Information Security organization responsible for developing and executing various cyber-attacks and assessments. The Red Team assists with identifying opportunities to enhance American Express's information security posture against a broad range of cyber threats, and develop strategies to most effectively address these threats. The successful candidate will lead a team of highly skilled resources whose mission is to constantly identify ways to protect and defend American Express systems and data by designing and executing cyber-attacks that simulate a range of advanced adversaries, partner closely with various leaders and stakeholders to communicate results and help implement key security enhancements.


Experience collaborating actively with internal and external partners to reduce security risk 
• Experience managing budget, implementing and optimizing programs and processes with formal CPI discipline 
• Experience with public/private partnership activities related to information security including information sharing initiatives, standards development etc.
• 5+ years in leadership role managing direct reports including managing performance through active coaching and development and recruiting new talent successfully 
• Experience communicating with senior and executive leadership about cyber threats and trends as well as effective countermeasures to address 
• Experience developing key information security strategies, working by objective and directing a team of highly skilled resources to deliver results 
• Experience with latest generation of attack platforms, tools and resources 
• Experience developing key reporting and dashboards measuring effectiveness of threat management activities and outcomes 
• Must possess strong knowledge of the testing lifecycle including:  Development of attack scenarios, objectives, targets and measures of success  Development of the tools, capabilities and methods to accomplish objectives 
• Strong understanding of threat actor capabilities and applying kill chain concepts to reduce risks 
• Strong understanding of offensive attacks and techniques 
• Strong knowledge of relevant information security standards and frameworks including NIST, SANS, ISO, etc. 
• Previous experience as a red teamer/penetration tester preferred. 
• Familiar with the information security community, culture and conferences 
• Knowledge of different operating systems (Windows/Linux/Unix)
• Experience using interpreted languages (Ruby, Python, PHP, Perl etc.)
• Knowledge of compiled languages (Java, C, C++, Assembly etc.) 
• Social engineering techniques and tactics 
• Experience with tools such as NMAP, Metasploit, Burp Suite, tcpdump, hydra, aircracking 
• Bachelor's degree in Computer Science, Information Systems, Engineering or related major with a minimum of five years’ experience in the information security field required, OR Associates degree and seven years’ experience in the information security field. Experience in the banking and finance sector preferred. 
• OSCP, OSCE, CEH or equivalent as well as CISSP strongly desired. Other relevant security certifications recommended, e.g. CPT, GPEN, CISM, CISA, etc

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

ReqID: 18015523
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Oct 4, 2018, 2:10:14 PM
Apply Get Referred