Arizona Staffing
Manager - Application Security/ CyberOps & Assurance
Arizona Staffing, Phoenix, Arizona, United States, 85003
Information Security Specialist
At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of our diverse tech team, you can work alongside talented engineers in an open, supportive, inclusive environment where your voice is valued, and you make your own decisions on what tech to use to solve challenging problems. American Express offers a range of opportunities to work with the latest technologies and encourages you to back the broader engineering community through open source. And because we understand the importance of keeping your skills fresh and relevant, we give you dedicated time to invest in your professional development. Find your place in technology on #TeamAmex. It's more than protecting systems and data. It's protecting people. Responsibilities
Here are some things you can count on doing: Providing guidance on information security processes, controls, and compliance, and information security risk management to team members Encouraging employee contribution, such as feedback, career development planning, and goal setting. Developing plans and strategies for information security tools, processes, and programs Responding to changes in the regulatory environment and assisting other organizations in doing the same. Making strategic recommendations to enhance information security, including processes, procedures, governance approaches, and compliance. Qualifications
Here are the qualifications we need: 4 years of experience in application security, application penetration testing, research, red team, or Security Operations Center (SOC) analyst. Experience with the CI/CD process and tools like Git, Docker, Jenkins, Release pipeline etc. is required. Experience with common penetration testing tools like Metasploit, Kali Linux, BURP Suite, nmap, or sqlmap. 2 years of object-oriented design and full stack development, using languages like Go or Java. 4 years of experience with dynamic application security testing (DAST) or static application security testing (SAST). 2 years of experience as an application security lead. At least one current certification GCPN, GWEB, GMOB, GWAT, GPEN, GXPN, GREM, CEH, C|ASE .NET, C|ASE Java, OSCP, OSWA, OSWE, CSSLP, other Here are the preferred qualifications: 4 years of experience in application security, application penetration testing, research, red team, or Security Operations Center (SOC) analyst. 2 years of object-oriented design and full stack development, using languages like Go, Java, C#, or Python. Strong knowledge of CI/CD process and tools like Git, Docker, Jenkins, Release pipeline etc. is required. Knowledge of offensive security, including common penetration testing tools like Metasploit, Kali Linux, BURP Suite, nmap, or sqlmap. 4 years of object-oriented design and full stack development, using languages like Go or Java. 4 years of experience with dynamic application security testing (DAST) and static application security testing (SAST). 2 years of experience as an application security lead. Ability to effectively communicate with internal and external business partners. At least two of the certifications GCPN, GWEB, GMOB, GWAT, GPEN, GXPN, GREM, CEH, C|ASE .NET, C|ASE Java, OSCP, OSWA, OSWE, GCLD, GPCS, CCSP, CSSLP Annual Range: $110,000.00 to $190,000.00 annually bonus benefits American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually. US Job Seekers - Click to view the "Know Your Rights" poster.
At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of our diverse tech team, you can work alongside talented engineers in an open, supportive, inclusive environment where your voice is valued, and you make your own decisions on what tech to use to solve challenging problems. American Express offers a range of opportunities to work with the latest technologies and encourages you to back the broader engineering community through open source. And because we understand the importance of keeping your skills fresh and relevant, we give you dedicated time to invest in your professional development. Find your place in technology on #TeamAmex. It's more than protecting systems and data. It's protecting people. Responsibilities
Here are some things you can count on doing: Providing guidance on information security processes, controls, and compliance, and information security risk management to team members Encouraging employee contribution, such as feedback, career development planning, and goal setting. Developing plans and strategies for information security tools, processes, and programs Responding to changes in the regulatory environment and assisting other organizations in doing the same. Making strategic recommendations to enhance information security, including processes, procedures, governance approaches, and compliance. Qualifications
Here are the qualifications we need: 4 years of experience in application security, application penetration testing, research, red team, or Security Operations Center (SOC) analyst. Experience with the CI/CD process and tools like Git, Docker, Jenkins, Release pipeline etc. is required. Experience with common penetration testing tools like Metasploit, Kali Linux, BURP Suite, nmap, or sqlmap. 2 years of object-oriented design and full stack development, using languages like Go or Java. 4 years of experience with dynamic application security testing (DAST) or static application security testing (SAST). 2 years of experience as an application security lead. At least one current certification GCPN, GWEB, GMOB, GWAT, GPEN, GXPN, GREM, CEH, C|ASE .NET, C|ASE Java, OSCP, OSWA, OSWE, CSSLP, other Here are the preferred qualifications: 4 years of experience in application security, application penetration testing, research, red team, or Security Operations Center (SOC) analyst. 2 years of object-oriented design and full stack development, using languages like Go, Java, C#, or Python. Strong knowledge of CI/CD process and tools like Git, Docker, Jenkins, Release pipeline etc. is required. Knowledge of offensive security, including common penetration testing tools like Metasploit, Kali Linux, BURP Suite, nmap, or sqlmap. 4 years of object-oriented design and full stack development, using languages like Go or Java. 4 years of experience with dynamic application security testing (DAST) and static application security testing (SAST). 2 years of experience as an application security lead. Ability to effectively communicate with internal and external business partners. At least two of the certifications GCPN, GWEB, GMOB, GWAT, GPEN, GXPN, GREM, CEH, C|ASE .NET, C|ASE Java, OSCP, OSWA, OSWE, GCLD, GPCS, CCSP, CSSLP Annual Range: $110,000.00 to $190,000.00 annually bonus benefits American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually. US Job Seekers - Click to view the "Know Your Rights" poster.