Senior Cloud Security Incident Response Analyst


Company: American Express
Size: 10001+ employees
Job specification: “You Lead the Way. We’ve Got Your Back.”

At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible - and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.

American Express is looking for a Cloud Security Incident Response Analyst with 4+ years of experience and expert knowledge of cloud platforms, including AWS, GCP, and Azure, to join the Incident Response team. This role will serve as a leading engineering resource responsible for defining and driving incident response capabilities within public and private cloud environments.

You will drive Cloud Security Incident Response capabilities, working with multi-functional and cross-enterprise teams that define requirements, develop architecture specifications, select and pilot new technologies, develop enterprise-scale deployment plans and lead initial implementations.

The candidate will work closely with other Information Security departments, architecture and development teams, and external cloud providers on the requirements, design, integration, and delivery of the resulting threat detections.

Responsibilities Include

Provide security and engineering expertise and guidance to the Cloud Program supporting incident response capabilities, including the Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Cloud Application Architecture subprograms for both private and public cloud providers.
Working with incident response teams, identify and integrate the data sets required for security monitoring, develop use cases, create alerts, write playbooks, and build response capabilities.
Work with platform owners and Cyber Data Engineering to identify and define the telemetry requirements needed to support development of identified threat detection opportunities.
Act as a subject matter expert during incident post-mortems to educate stakeholders and drive improvements in detection and response capabilities.
Interface with Cloud Engineering teams to provide a security perspective during design.
Perform threat modelling of complex cloud environments to identify threat detection opportunities at all layers of the tech stack.

“Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.”

Minimum Qualifications

Thorough knowledge of information security components, principles, practices, and procedures.
Demonstrated experience in Agile environments, application design, software development, and testing.
Expert knowledge of incident response within AWS and other public cloud environments.
Experience with network architecture, network security, and TCP/IP.
Hands-on experience with Docker and Kubernetes preferred.
Familiarity with attacker tools, tactics, and procedures and with indicators of compromise (IOCs) that can be applied to hunts, investigations, and incident response.
Minimum of 5 years’ experience with incident response and public cloud platforms.
Expertise in cloud architecture and security fundamentals including containers, software-defined networks, high availability design, public cloud, service mesh, and serverless compute.
Educational Requirement:

Bachelor’s Degree in computer science, computer engineering, or related field; or equivalent experience.
Information Security Certification preferred, GCIA, GCDA, CISSP or similar.

“American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.”


ReqID: 21009107
Schedule (Full-Time/Part-Time): Full-time
Date Posted: May 11, 2021, 4:49:05 PM

Seniority Level: Mid-Senior level
Financial Services
Employment Type:
Job Functions: Information Technology Engineering