The Cyber Intelligence organization in Information Security supports American Express's vision to be the World's most respected brand. Our mission is to create and maintain controls that stop attacks early and prevent many attacks from ever occurring by leveraging high quality threat intelligence and conducting sophisticated testing with the Advanced Red Team to directly reduce cyber risk, and to actively partner with industry to strengthen the financial services sector's readiness and resilience to adverse cyber events.
American Express is the world's premier service company, and the largest credit card issuer by purchase volume. We're also an equal opportunity employer, made up of people from many diverse backgrounds, lifestyles and locations. From our high employee satisfaction ratings to our many workplace awards, American Express is consistently recognized as a great place to work by people around the world. American Express is currently seeking a Director for the Advanced Red Team role. This position will be reporting to the VP of Cyber Intelligence. The successful candidate for this position will be part of an exciting and dynamic environment to build and deliver next generation advanced threat actor simulation capabilities to continuously protect and defend American Express systems and data.The Advanced Red Team is part of the overall Information Security organization responsible for developing and executing various cyber attacks and assessments. The Red Team assists with identifying opportunities to enhance American Express's information security posture against a broad range of cyber threats, and develop strategies to most effectively address these threats. The successful candidate will lead a team of highly skilled resources whose mission is to constantly identify ways to protect and defend American Express systems and data by designing and executing cyber attacks that simulate a range of advanced adversaries, partner closely with various leaders and stakeholders to communicate results and help implement key security enhancements.
Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.
Qualifications
• Experience collaborating actively with internal and external partners to reduce security risk • Experience managing budget, implementing and optimizing programs and processes with formal CPI discipline • Experience with public/private partnership activities related to information security including information sharing initiatives, standards development etc.• 5+ years in leadership role managing direct reports including managing performance through active coaching and development and recruiting new talent successfully • Experience communicating with senior and executive leadership about cyber threats and trends as well as effective countermeasures to address • Experience developing key information security strategies, working by objective and directing a team of highly skilled resources to deliver results • Experience with latest generation of attack platforms, tools and resources •Experience developing key reporting and dashboards measuring effectiveness of threat management activities and outcomes • Must possess strong knowledge of the testing lifecycle including: o Development of attack scenarios, objectives, targets and measures of success o Development of the tools, capabilities and methods to accomplish objectives • Strong understanding of threat actor capabilities and applying kill chain concepts to reduce risks • Strong understanding of offensive attacks and techniques • Strong knowledge of relevant information security standards and frameworks including NIST, SANS, ISO, etc. • Previous experience as a red teamer/penetration tester preferred. • Familiar with the information security community, culture and conferences • Knowledge of different operating systems (Windows/Linux/Unix)• Experience using interpreted languages (Ruby, Python, PHP, Perl etc.)• Knowledge of compiled languages (Java, C, C++, Assembly etc.) • Social engineering techniques and tactics • Experience with tools such as NMAP, Metasploit, Burp Suite, tcpdump, hydra, aircrack-ng • Bachelor's degree in Computer Science, Information Systems, Engineering or related major with a minimum of five years experience in the information security field required, OR Associates degree and seven years experience in the information security field. Experience in the banking and finance sector preferred. • OSCP, OSCE, CEH or equivalent as well as CISSP strongly desired. Other relevant security certifications recommended, e.g. CPT, GPEN, CISM, CISA, etc.
Pass it on for Referral Bonus. Not the right role for you, but know someone we should meet? Share with him to earn $1,000 referral bonus.
Posts
