American Express Information Security Specialist - Intrusion Analyst in Columbia, South Carolina
You Lead the Way. We’ve Got Your Back.
At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible - and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.
American Express is on a mission to provide the world’s best customer experience every day. Rooted in this vision is the work of the Technology Risk & Information Security organization, empowering the company to deliver superior service through trust, security, and safety. Our culture is centered around passion, curiosity, and courage, enabling you to innovate and evolve a Fortune 100 company. You can help us achieve this mission! Are you ready to protect one of the most admired brands from today’s and tomorrow’s advanced threats?
American Express seeks to recruit a passionate and experienced intrusion response lead analyst for its incident response team. This is a mid- to senior-level, hands-on, highly technical role performing incident and intrusion response activity ranging from pre-incident (preparation) through active incident to post-incident. You will be a key technical resource in conducting investigations, performing analysis, determining activity, identifying TTPs, building the attack narrative, and taking response actions. You are a motivated professional who will assist with the people, processes, and technology that empower the team to investigate sophisticated threats. This role requires critical thinking, innovative problem solving, leading analysis, and effective communications.
Please note, we will consider remote work options for highly skilled candidates.
Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations across Windows, Mac, Linux, and Cloud platforms.
Curate a world class security operations and incident response team with a relentless focus on innovation and automation
Participate in incident response and crisis management activities
Fully scope incidents through proper identification of all affected systems and/or accounts
Advise leadership on containment, eradication, and recovery strategies
Recognize attacker tools, tactics, and procedures in indicators of compromise (IOCs) / indicators of attack (IOAs) that can be applied to current and future investigations
Provide after-hours support on an on-demand basis
Provide support in incident response and manage escalations as needed
Assess and develop incident response best practices to help mature the security operations of the organization
Produce high-quality written and verbal reports, recommendations, and actions.
Participate in on-call rotation and on-call duties
5 years of comparable experience in incident response, intrusion response, digital forensics and/or incident response consulting
Experience developing, managing, and consulting on incident response policies and procedures
Experience with host and network forensics
Expertise in analysis of TCP/IP network communication protocols
Expertise in analysis of artifacts on various operating systems
Expertise responding to security events, including hacktivist, cybercrime, and APT activity
Theoretical and practical security knowledge with Mac, Linux, and Windows operating systems, as well as cloud environments.
Theoretical and practical knowledge of Incident Response lifecycles
At least one of the following technical certifications: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensic Analyst (GNFA)
Ability to convey complex technical concepts to audiences with varying levels of technical ability
Multiple applicable certifications (GCIA, GCIH, GCFA, GNFA, GCFE, GREM, etc.)
Knowledge of various forensic tools and capabilities
Scripting abilities in Python, shell, Go, and/or PowerShell
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.
American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.
Primary Location: United States
Other Locations: US-Florida, US-District of Columbia, US-New York, US-Arizona, US-Texas, US-Arizona-Phoenix, US-Virginia, US-Utah
Req ID: 21006530