Information Security Specialist - Application Security (NYC ONLY) American Express
New York, NY

Job Description

Why American Express?

There's a difference between having a job and making a difference.

American Express has been making a difference in people's lives for over 160 years,

backing them in moments big and small, granting access, tools, and resources to take

on their biggest challenges and reap the greatest rewards.

We've also made a difference in the lives of our people, providing a culture of learning

and collaboration, and helping them with what they need to succeed and thrive. We

have their backs as they grow their skills, conquer new challenges, or even take time to

spend with their family or community. And when they're ready to take on a new career

path, we're right there with them, giving them the guidance and momentum into the

best future they envision.

Because we believe that the best way to back our customers is to back our people.

The powerful backing of American Express.

Don't make a difference without it.

Don't live life without it.

It's more than protecting systems and data.

It's protecting people.

Our Information Security Managers know that security is a top priority for our business and our partners and customers. Today, as cyber-attacks increase and compliance is more rigorously enforced, we look to them to stay ahead of what's next and to protect our business and our future. So if you are dedicated to the latest technology and motivating others, secure your career here.

You won't just see the problem coming, you'll see the solution.

New threats to our business, our partners and customers appear on the horizon every day, so no two days are the same. But there are some things you can count on doing:

* Providing guidance on information security processes, controls, and compliance, and information security risk management to team members
* Encouraging employee contribution, such as feedback, career development planning, and goal setting.
* Developing plans and strategies for information security tools, processes, and programs
* Responding to changes in the regulatory environment and assisting other organizations in doing the same.
* Making strategic recommendations to enhance information security, including processes, procedures, governance approaches, and compliance.

Do you have what it takes to lead the way in cyber security?

* BS degree in Computer Science, similar technical field of study, or equivalent practical experience.
* Ability to effectively collaborate with others in English.
* 2 years of experience in application penetration testing, red team, or Security Operations Center (SOC) analyst, preferably as a senior resource.
* Expert knowledge of OWASP Top 10 and the ability to articulate web security risks and determine threat level.
* Knowledge of dynamic web application scanners is a plus, including (but not limited to) OWASP Zed Attack Proxy, Kali Linux, Metasploit, BURP Suite, HP WebInspect, Qualys, or WhiteHat.
* Demonstrated time management skills and strong work ethic, attention to detail, and problem-solving skills.
* Possession of industry standard certification such as OSCP, CISSP, CEH, GMOB, GWAPT, GPEN and/or other relevant penetration testing related certifications a plus.
* Information Security, Security Testing, and/or Risk Analysis Experience

At the core of Information Security Management.

Every member of our team must be able to demonstrate the following technical, functional, leadership and business core competencies, including:

* Agile Practices
* Emerging Technologies
* Business Process Improvement
* Business Risk Management
* Analytical Thinking
* Coaching and Mentoring
* Business Case Development
* Industry and Company Knowledge

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.