American Express Careers

Information Security Analyst- Cyber Threat Hunt

Phoenix, Arizona
Digital Commerce Technology

Apply Get Referred

Job Description

Why American Express?
There’s a difference between having a job and making a difference.
American Express has been making a difference in people’s lives for over 160 years,
backing them in moments big and small, granting access, tools, and resources to take
on their biggest challenges and reap the greatest rewards.
We’ve also made a difference in the lives of our people, providing a culture of learning
and collaboration, and helping them with what they need to succeed and thrive. We
have their backs as they grow their skills, conquer new challenges, or even take time to
spend with their family or community. And when they’re ready to take on a new career
path, we’re right there with them, giving them the guidance and momentum into the
best future they envision.
Because we believe that the best way to back our customers is to back our people.
The powerful backing of American Express.
Don’t make a difference without it.
Don’t live life without it
American Express’s Cyber Threat Hunting team works in collaboration with other information security teams to secure American Express' network in order to protect American Express and our customers. We are responsible for identifying, investigating, and reporting on various network security events, including: APT hunting, malware investigations, and improper usage. American Express threat hunters must proactively generate ideas for ways to find malicious activity in the network and then develop and execute a hunt plan and thoroughly investigate any results.
Once an investigation has been performed the Cyber Threat Hunting team works with the other information security teams to prevent future incidents, improve the speed of detection, and reduce the time required to perform a thorough investigation.
Has a working knowledge of the following tools:

  • IPS
  • HIPS
  • Web Proxy
  • Open Source Intelligence
  • Packet Captures
  • Memory Analysis
  • Syslog from servers and network devices
  • DHCP, AD, 802.1x, NAT, and VPN logs
  • Passive DNS
  • Deep packet inspection
  • SIEM/Log Management systems
  • Encase/FTK/NetWitness


A successful candidate is one who can demonstrate a history of:
  • 2+ years’ experience working in cyber investigations, computer forensics, financial fraud investigations and/or other IT related fields tied to information security
  • Understanding the importance of information security from a business context
  • Perform security event analysis and make recommendations
  • Lead and mentor technical team on security incident response activities
  • Is actively engaged in and contributing to the Information Security industry and best practices (e.g. understands industry best practices in security operations; attends/speaks at industry conferences; participates in local networking with other InfoSec professionals; stays current on industry trends)
  • Produces quality documentation/ investigation reports (e.g. document design, workflow improvement, standard operational procedures, development of incident playbook)
  • Coordinates with other team members/teams to resolve issues encountered during investigations,
  • Communicates status of investigations (e.g. report on progress against technical plan; timely escalation of issues and risks; ability to explain technical solutions to a non-technical audience)
  • Self motivated to creatively find and investigate security events
  • Expert knowledge of the Linux and Windows platforms
  • Familiar with the latest malicious software trends, including experience with exploits and malware
  • Has in-depth knowledge and understanding of OWASP Top 10
  • Demonstrate (via work experience) the ability to follow frameworks to ensure comprehensive investigations
  • Ability to creatively solve complex problems
  • Experience with programming/scripting languages (python, lua, perl, powershell)
  • Experience working under pressure
  • Willing to work off-hours and accommodate rotational on-call work


Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions

ReqID: 19010735
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Jun 5, 2019, 6:01:25 PM
Apply Get Referred