American Express Careers
Information Security Manager
This position, reporting to the Director of Third Party Security Monitoring, will be part of a team responsible for the in-depth technology and information security assessment and continuous monitoring of the company’s most critically sensitive third parties.
The person in this position will assess the cyber security controls of third-party service providers and partners and provide recommendations based on that testing, which covers infrastructure, networks, cloud platform security, databases, and application, web, and mobile security. The role also provides process recommendations and performs testing of program controls.
Responsibilities also include:
- Support execution of technical assessments for the company’s most critical third parties
- Perform ongoing tracking and monitoring of remediation progress, as well as test re-validation
- Assist with evaluation of tools and technologies to support assessment and monitoring capabilities
- Participate in and assist with real-time monitoring, cyber threat intelligence, and incident response related to the company’s critically sensitive third parties
- Must have 4+ years of experience in application/network/web/mobile penetration testing and advanced red teaming, preferably in a large and distributed operating environment
- Must be proficient in the use and management of common penetration testing tools, including web, vulnerability, and code scanning tools
- Demonstrated expertise in application security, specifically web, mobile, and cloud application security, secure configuration, and database security
- Professional experience with any of the following: Java, .NET, AWS, functional programming, SQL, MongoDB, CouchDB, Neo4j, Hadoop, Cassandra, DynamoDB, Elasticsearch, Solr
- Expert knowledge of CIS Critical Controls, OWASP Top 10, and ability to effectively communicate and articulate information security risks
- Knowledge of automated DAST, SAST, and RASP tooling is preferred, including but not limited to OWASP Zed Attack Proxy, Burp Suite, Nessus, Metasploit, Postman, HP WebInspect, Qualys, or WhiteHat
- Operational understanding of TCP/IP, computer networking and common protocols such as DNS, SMTP, HTTP, etc.
- Functional knowledge of security technologies such as IPS/IDS, firewalls, Security Information and Event Management tools, etc. is a plus
- Possession of industry standard certifications such as OSCP, CEH, GWAPT, GPEN and/or other relevant penetration testing related certifications is a plus
- Knowledge of SDLC, Agile, Waterfall, or Scrum
- Must be comfortable operating in Linux/UNIX, Windows, and Mac environments
- A broad understanding of the Information Security core concepts and terminology, IT controls, and best practices across key risk domains, including risk assessment methodology, identity and access management, network and infrastructure security, application security, data loss prevention, and incident management
- Self-motivated team player with the ability to handle multiple work streams and support various collaborative projects to completion
- Excellent relationship skills with the ability to effectively collaborate across various teams and with external vendors, suppliers, and partners
- Ability to quickly and sufficiently learn new processes, techniques, and technologies and be able to speak with an informed opinion and create a credible impression with stakeholders
- Ability to identify gaps between one’s skillset and the needs of the team, and to effectively seek and utilize feedback from leaders and mentors to address those gaps
- Ability to clearly present options and make compelling recommendations
- Ability to analyze complex information and identify the most relevant details
- Flexibility and ability to adjust to new needs and new technologies, and comfort with ambiguity
- Strong sense of personal accountability and ability to drive results
- Bachelor’s Degree in computer science, engineering or similar technical field of study, or equivalent practical experience
- Occasional off-hours and weekend work required.
Why American Express
Talk to our people and you’ll find out what we’re really all about. Open, creative, risk-taking, collaborative and innovative are just some of the expressions you’ll hear. It’s our culture that makes American Express an outstanding place to work, and a big part of why we regularly win best workplace awards all over the world. If you’re ready to take on a challenge and make an impact, you owe it to yourself to launch or grow your career here.
American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other status protected by law.
Schedule (Full-Time/Part-Time): Full-time
Date Posted: Sep 13, 2019, 1:18:49 AM