American Express Careers

Information Security Manager - Senior Penetration Tester (NYC only)

New York, New York
Digital Commerce Technology

Apply Get Referred

Job Description

Why American Express?
There’s a difference between having a job and making a difference.
 
American Express has been making a difference in people’s lives for over 160 years,
backing them in moments big and small, granting access, tools, and resources to take
on their biggest challenges and reap the greatest rewards.
 
We’ve also made a difference in the lives of our people, providing a culture of learning
and collaboration, and helping them with what they need to succeed and thrive. We
have their backs as they grow their skills, conquer new challenges, or even take time to
spend with their family or community. And when they’re ready to take on a new career
path, we’re right there with them, giving them the guidance and momentum into the
best future they envision.
 
Because we believe that the best way to back our customers is to back our people.
 
The powerful backing of American Express.
Don’t make a difference without it.
Don’t live life without it. 
 
 
Information Security Manager – Senior Penetration Tester
 
 
This position, reporting to the Director of Third Party Security Monitoring, will be part of a team responsible for the assessment and continuous monitoring of the company’s most critically sensitive third parties.  The team is also responsible for performing in-depth technology and information security assessments of critical third parties.
 
The person in this position will be responsible for assessing application security of third-party services, and providing process recommendations, and performing testing of program controls.
 
 Responsibilities also include:
  • Support execution of technical assessments for the company’s most critical third parties
  • Assist with evaluation of tools / technologies to support assessment and monitoring capabilities
  • Perform on-going tracking and monitoring of progress 

 

Please note, Salary increases in case of a lateral move are provided only on an exception basis and in line with compensation guidelines

Qualifications

 

Requirements:
  • Must have 7+ years of experience in application/network/web/mobile penetration testing and tooling, advanced red team, or application security engineering and architecture, preferably in a large and distributed operating environment
  • Demonstrated expertise in Application Security, specifically web and mobile application security, configurations, vulnerability, change management
  • Proficient knowledge of web development, including but not limited to Ruby, advanced JavaScript libraries (React, Angular, Knockout), Node.JS, JQuery, Object-Oriented Design, Web Services (REST/SOAP)
  • Professional experience with any of the following: Java, .NET, AWS, Functional programming, SQL, MongoDB, CouchDB, Neo4J, Hadoop, Cassandra, DynamoDB, ElasticSearch, Solr
  • Expert knowledge of OWASP Top 10 and ability to articulate web security risks
  • Knowledge of automated DAST, SAST, and RASP tooling is preferred, including but not limited to OWASP Zed Attack Proxy, BURP Suite, Nessus, Metasploit, Postman, HP WebInspect, Qualys, or WhiteHat
  • Operational understanding of TCP/IP and computer networking. Knowledge of the functions of security technologies such as IPS/IDS, Firewalls, Security Information and Event Management tools, etc is a plus
  • Possession of industry standard certifications such as OSCP, CEH, GWAPT, GPEN and/or other relevant penetration testing related certifications is a plus
  • Knowledge of SDLC, Agile, Waterfall, or Scrum
  • Information Security, Security Testing and/or Risk Analysis Experience
  • A broad understanding of the terminology, core principles, IT controls and best practices across key risk domains, including: risk assessment methodology, identity and access management, network and infrastructure security, application security, data loss prevention, and incident management
  • Self-motivated team player with the ability to handle multiple work streams and support various team member collaborative projects to completion
  • Proven excellent relationship management skills with all levels of the enterprise are required.
  • Ability to effectively collaborate across teams
  • Ability to quickly come up to speed in any area, sufficient to speak with an informed opinion and create a credible impression with stakeholders 
  • Ability to identify gaps between one’s skillset and the needs of the team
  • Effectively seeking and utilizing feedback from leaders and mentors to address skill gaps
  • Ability to clearly present options and make compelling recommendations, using persuasion to gain agreement or pitch an idea
  • Involving the right people to ensure the best decisions are made in a timely manner
  • Ability to analyze complex information and identify the most relevant details
  • Being flexible and able to adjust to new needs and new technologies, and to be comfortable with ambiguity
  • Strong sense of personal accountability and ability to drive results
  • Bachelor’s Degree in Computer Science, Engineering or similar technical field of study, or equivalent practical experience

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.


ReqID: 19011023
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Jul 30, 2019, 9:27:02 PM
Apply Get Referred