American Express Senior Threat Detection & Hunt Analyst in Des Moines, Iowa
You Lead the Way. We’ve Got Your Back.
At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible - and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.
American Express is looking for a Threat Detection Analyst with 7 years’ experience in Incident Response, Threat Detection, or Hunt to join the Threat Detection and Hunt (TDH) team. Candidates should have ample exposure to endpoint detection principles, network security principles, threat detection practices, and advanced rule writing, along with first-hand experience working in a security operations center or security engineering environment. Prospective candidates should have excellent communication skills, work effectively in a team, and perform well in a fast-paced workplace.
Specific focus will be on correlating data from various logs and data sources to detect anomalous, suspicious, or malicious behaviors. This includes a successful track record of writing advanced SIEM rules to generate complex detections. An ideal candidate will have extensive information security experience, particularly in incident response and/or threat detection, and be able to apply that knowledge to drive future detection content that reduces risk.
The candidate will work closely with other Information Security teams including Cyber Threat Intelligence, Cyber Detection Engineering, and Incident Response.
Partner with the Cyber Threat Intelligence team to identify active or emerging threats likely to target American Express.
Perform basic threat modelling of common environments to identify threat detection opportunities across the MITRE ATT&CK framework.
Work with platform owners and Cyber Data Engineering to identify telemetry required to support the development of identified threat detection opportunities.
Perform deep dive analysis of logs and malicious artifacts.
Analyze large data sets to identify trends and anomalies indicative of malicious activities.
Ability to develop, document and maintain custom detection queries.
Bachelor’s Degree in computer science, computer engineering, or related field; or equivalent experience.
Information Security Certification preferred (GCIA, GCDA, CISSP, or similar).
Thorough knowledge of information security components, principles, practices, and procedures.
First-hand security operations center (SOC) experience performing analyst/security engineer duties.
Analytic mindset and familiarity with analytic methodologies, including experience solving complex security problems.
Understanding of Operating System internals and how to analyze malicious code, scripts, exploits, etc.
Experience analyzing logs and events generated by endpoint and other security solutions.
Understanding of network principles and topology, network protocol behavior, security devices (IPS, IDS, HIPS, firewall).
Understanding of authentication principles and technologies, including Active Directory and RACF.
Ability to evaluate threat intelligence and identify TTPs for use in detection mechanisms at both the host and network level.
Must have expert threat detection knowledge and intuition, including a deep understanding of how malicious traffic appears over the network and at security devices.
Must have the ability to analyze data from a variety of sources, correlating it to meaningful security events.
Advanced rule and/or query writing experience in at least one SIEM.
Should understand the detection content testing, implementation, and revision cycle.
Programming experience in at least one scripting language.
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.
American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.
Primary Location: United States
Other Locations: US-Utah-Salt Lake City, US-Arizona-Phoenix, US-New York-New York, US-Florida-Sunrise
Req ID: 21019527