at American Express in Dover, Delaware, United States
You Lead the Way. We’ve Got Your Back.
At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible – and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.
American Express is on a mission to provide the world’s best customer experience every day. Deeply rooted in that vision is our Technology Risk & Information Security organization, which empowers the company to deliver superior service through security. Our culture is centered around passion, curiosity, and courage — enabling you as an individual the opportunity to innovate and evolve a Fortune 100 company. You can help us realize this vision! Are you ready to protect one of the most admired brands from today’s (and tomorrow’s) threats?
The Director of Red Team leads offensive security efforts to assess and identify opportunities across the global American Express environment. This role requires partnering across the company to improve our overall risk posture through emulating adversaries, executing attack paths, and providing actionable recommendations. The Red Team Director leads talented individuals expected to understand all the threat vectors to each environment and properly assess them. This leader will also be responsible for attracting and retaining industry-leading talent, developing long-term workforce plans, and driving continuous improvements within the program. The Director of Red Team is a role that can make a difference in maturing the security strategy and output of the organization.
+ Lead and develop a dedicated team of Red Team and offensive security professionals that are geographically dispersed
+ Own the vision, drive the strategy, and execution plan for Red Team and Red Team engagements
+ Consult and collaborate with teams providing guidance and recommendations to improve cybersecurity
+ Maintain a positive and healthy team culture based in excellence, trust, empathy, and growth mindset
+ Mentor, encourage, and develop a technically diverse team with different experience levels to support personal and professional growth
+ Manage the attack lifecycle, track milestones, issues, and risks
+ Keep pace of cybersecurity threats, threat actors, and their associated TTPs
+ Communicate the business value of the Red Team to senior leaders and demonstrate Return on Investment (ROI), where applicable
+ Mature Key Performance Indicators (KPIs), and Objective and Key Results (OKRs)
+ Experience supporting governance and compliance requirements
+ Passion for cybersecurity!
+ 5 years of experience in penetration testing, red teaming, threat hunting, or incident response at a state, federal, cybersecurity services company, or major corporate level
+ Theoretical and practical security knowledge with Mac, Linux, and Windows operating systems, as well as cloud environments and active directory
+ Ability to convey complex technical concepts to audiences with varying levels of technical ability
+ Experience with industrial frameworks like Cyber Kill Chain and MITRE ATT&CK
+ Strong analytical and problem-solving skills
+ Desire to grow and expand both technical and soft skills
+ GIAC Certifications including, but not limit to: GPEN, GWAPT, GXPN, GCIH, GCFA, GSLC
+ Offensive Security Certifications including, but not limited to: OSCP, OSEP, OSWE, OSED, OSEE
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.
American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.
Primary Location: United States
Req ID: 21021058