You Lead the Way. We've Got Your Back.
At American Express, we know that with the right backing, people
and businesses have the power to progress in incredible ways.
Whether we're supporting our customers' financial confidence to move
ahead, taking commerce to new heights, or encouraging people to
explore the world, our colleagues are constantly redefining what's
possible - and we're proud to back each other every step of the way.
When you join #TeamAmex, you become part of a diverse community of
over 60,000 colleagues, all with a common goal to deliver an
exceptional customer experience every day.
American Express is seeking an Application Threat Modeling
Engineer with proven strong technical competence in developing,
building and maintaining secure design & secure coding patterns.
The Application Threat Modeling Engineer serves as a subject matter
expert in developing comprehensive security requirements across a
diverse number of technology stacks.
The Application Threat Modeling Engineer supports the security
champion practice by evangelizing secure design and secure coding
Design, develop and maintain comprehensive secure design patterns.
Design, develop and maintain secure coding standards.
Maintain, update and enhance threat libraries.
Socialize and present secure design patterns and secure coding standards with engineering teams.
Minimum Qualifications
Security and Technical Experience
Must have 3+ years of strong application development experience.
Direct hands-on experience with application threat modeling.
Direct hands-on experience with threat modeling frameworks, attack vectors and vulnerability analysis: CAPEC, ATT&CK, STRIDE.
Direct hands-on experience with cloud security requirements.
Direct hands-on experience with application security controls (web, API and mobile).
Strong familiarity with IAM controls (OAuth 2.0, OIDC, JWT).
Strong familiarity with cryptography controls (Data at rest, in motion).
Experience with industry standards and frameworks: NIST 800-53, CSF, OWASP ASVS.
Full stack knowledge of application architectures including: single page applications, REST APIs, SOAP
mobile application development.
Full stack knowledge or familiarity with database architectures including Oracle, SQL, DB2 and NoSQL Databases.
Key
Self-directed, Confident Team Player
Strong Technical Thinker
Strong Planning, Execution and Collaborative skills
Communication skills
Good verbal and written communication skills. Ability to document risk and control summary artifacts that translate complex threat models into easy-to-read reports for the business.
Openness to Learning: Takes personal responsibility for learning and upskilling. Acquires strategies for gaining new knowledge, behaviors and skills. Builds on and applies existing knowledge. Engages in learning from others, inside and outside the organization.
Adaptability: Demonstrates flexibility within a variety of changing situations, while working with individuals and groups. Changes his or her own ideas or perceptions in response to changing circumstances.
Business Acumen: Demonstrates an awareness of American Express internal dynamics.
Education
Bachelor's degree in computer science, information systems, cybersecurity, or a related field.
Preferred Security
CISSP, SANS GIAC
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.
American Express is an equal opportunity employer and makes
employment decisions without regard to race, color, religion, sex,
sexual orientation, gender identity, national origin, protected
veteran status, disability status, age, or any other status
protected by law.
ReqID: 21005072 Schedule (Full-Time/Part-Time): Full-time Date
Posted: Apr 12, 2021, 1:28:17 PM