Senior Info Security Analyst-Threat Detection/ Incident Response- REMOTE OR HYBRID

You Lead the Way. We've Got Your Back. At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we're supporting our customers' financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what's possible - and we're proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.

This Analyst role will focus on correlating data from various logs and data sources to detect anomalous, suspicious, or malicious behaviors. We are looking for a successful track record in writing advanced SIEM rules to generate complex advanced detections and extensive information security experience, particularly in incident response and/or threat detection. You will be able to apply that knowledge to drive future content to reduce risk and work closely with other Information Security teams including Cyber Threat Intelligence, Cyber Detection Engineering, and Incident Response.

• Partner with the Cyber Threat Intelligence team to identify active or emerging threats likely to target American Express
• Perform basic threat modelling of common environments to identify threat detection opportunities across the MITRE ATT&CK framework
• Work with platform owners and Cyber Data Engineering to identify telemetry required to support the development of identified threat detection opportunities
• Perform deep dive analysis of logs and malicious artifacts
• Analyze large data sets to identify trends and anomalies indicative of malicious activities
• Ability to develop, document and maintain custom detection queries

As part of our diverse tech team, you can architect, code and ship software that makes us an essential part of our customers' digital lives. Here, you can work alongside talented engineers in an open, supportive, inclusive environment where your voice is valued, and you make your own decisions on what tech to use to solve challenging problems. Amex offers a range of opportunities to work with the newest technologies and encourages you to back the broader engineering community through open source. And because we understand the importance of keeping your skills fresh and relevant, we give you dedicated time to invest in your professional development. Find your place in technology on #TeamAmex.

Qualifications

American Express is looking for a Threat Detection Analyst with 7+ years' experience in Incident Response, Threat Detection, or Hunt to join the Threat Detection and Hunt (TDH) team. The ideal candidate should have ample exposure to endpoint detection principles, network security principles, threat detection practices, and advanced rule writing; along with first-hand experience working in a security operations center or security engineering environment. Additionally, we are looking for superb communication skills, an ability to work effectively in a team and perform well in a rapidly-paced workplace.

• Thorough knowledge of information security components, principles, practices, and procedures
• First-hand security operations center (SOC) experience performing analyst/security engineer duties
• Analytic approach and familiarity with analytic methodologies, including experience solving complex security problems
• Understanding of Operating System internals and how to analyze malicious code, scripts, exploits, etc
• Experience analyzing logs and events generated by endpoint and other security solutions
• Understanding of network principles and topology, network protocol behavior, security devices (IPS, IDS, HIPS, firewall)
• Understanding of authentication principles and technologies, including Active Directory and RACF
• Ability to evaluate threat intelligence and identify TTPs for use in detection mechanisms at both the host and network level
• Must have expert threat detection knowledge and intuition, including a deep understanding of how malicious traffic appears over the network and at security devices
• Must have the ability to analyze data from a variety of sources, correlating it to meaningful security events
• Advanced rule and/or query writing experience in at least one SIEM
• Should understand content testing, implementation, and revision cycle
• Programming experience in at least one scripting language
• University Degree in computer science, computer engineering, or related field; or equivalent experience
• Information Security Certification preferred, GCIA, GCDA, CISSP or similar

REQ# 22025066

We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually.

If the role you are applying for is designated as hybrid or onsite, you will be required to demonstrate that you have completed your primary COVID-19 vaccination series (i.e., 2 doses for Moderna/Pfizer and 1 dose for J&J) and, for medically eligible* colleagues, a booster shot, in order to work in or visit any of our offices. This requirement is subject to legally required accommodations.

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.