Information Security Specialist - Intrusion Specialist (DFIR)
Remote or Washington, DC
You Lead the Way. We've Got Your Back.
At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we're supporting our customers' financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what's possible - and we're proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.
American Express is on a mission to provide the world's best customer experience every day. Rooted in this vision is the work of the Technology Risk & Information Security organization, empowering the company to deliver superior service through trust, security, and safety. Our culture is centered around passion, curiosity, and courage, enabling you to innovate and evolve a Fortune 100 company. You can help us achieve this mission! Are you ready to protect one of the most admired brands from today's and tomorrow's advanced threats?
American Express seeks to recruit a passionate and experienced intrusion response lead analyst for its incident response team. This is a mid- to senior-level, hands-on, highly technical role performing incident and intrusion response activity across the full lifecycle: pre-incident (preparation), active incident, and post-incident. You will be a key technical resource in conducting investigations, performing analysis, determining attacker activity, identifying TTPs, building the attack narrative, and taking response actions. You are a motivated professional who will help develop the people, processes, and technology that empower the team to investigate sophisticated threats. This role requires critical thinking, innovative problem solving, leading analysis, and effective communication.
Please note, we will consider remote work options for highly skilled candidates.
+ Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations across Windows, Mac, Linux, and cloud platforms
+ Curate a world-class security operations and incident response team with a relentless focus on innovation and automation
+ Participate in incident response and crisis management activities
+ Fully scope incidents through proper identification of all affected systems and/or accounts
+ Advise leadership on containment, eradication, and recovery strategies
+ Recognize attacker tactics, techniques, and procedures (TTPs) in indicators of compromise (IOCs) and indicators of attack (IOAs) that can be applied to current and future investigations
+ Provide after-hours support on an on-demand basis
+ Provide support in incident response and manage escalations as needed
+ Assess and develop incident response best practices to help mature the security operations of the organization
+ Produce high-quality written and verbal reports, recommendations, and actions
+ Participate in on-call rotation and on-call duties
+ 5 years of comparable experience in incident response, intrusion response, digital forensics, and/or incident response consulting
+ Experience developing, managing, and consulting on incident response policies and procedures
+ Experience with host and network forensics
+ Expertise in analysis of TCP/IP network communication protocols
+ Expertise in analysis of artifacts on various operating systems
+ Expertise responding to security events, including hacktivist, cybercrime, and APT activity
+ Theoretical and practical security knowledge of Mac, Linux, and Windows operating systems, as well as cloud environments
+ Theoretical and practical knowledge of Incident Response lifecycles
+ At least one of the following technical certifications: GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensic Analyst (GNFA)
+ Ability to convey complex technical concepts to audiences with varying levels of technical ability
+ Multiple applicable certifications (GCIA, GCIH, GCFA, GNFA, GCFE, GREM, etc.)
+ Knowledge of various forensic tools and capabilities
+ Scripting abilities in Python, shell, Go, and/or PowerShell
**Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.**
**American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.**
**Primary Location:** United States
**Other Locations:** US-Florida, US-District of Columbia, US-New York, US-Arizona, US-Texas, US-Arizona-Phoenix, US-Virginia, US-Utah
**Req ID:** 21006530