American Express Threat Modeling Engineer - Application Security in United States
You Lead the Way. We’ve Got Your Back.
At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible - and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.
American Express is seeking an Application Threat Modeling Engineer with proven strong technical competence in developing, building and maintaining secure design & secure coding patterns. The Application Threat Modeling Engineer serves as a subject matter expert in developing comprehensive security requirements across a diverse number of technology stacks.
The Application Threat Modeling Engineer supports the security champion practice by evangelizing secure design and secure coding controls.
Design, develop and maintain comprehensive secure design patterns.
Design, develop and maintain secure coding standards.
Maintain, update and enhance threat libraries.
Socialize and present secure design patterns and secure coding standards with engineering teams.
Security and Technical Experience
Must have 3 years of strong application development experience.
Direct hands on experience with application threat modeling.
Direct hands on experience with threat modeling frameworks, attack vectors an vulnerability analysis: CAPEC, ATT&CK, STRIDE.
Direct hands on experience with cloud security requirements.
Direct hands on experience with application security controls (web, API and mobile).
Strong familiarity with IAM controls (OAuth 2.0, OIDC, JWT).
Strong familiarity with cryptography controls (Data at rest, in motion).
Experience with industry standards and frameworks: NIST 800-53, CSF, OWASP ASVS.
Full stack knowledge of application architectures including: single page applications, REST APIs, SOAP APIs, mobile applications.
Full stack knowledge or familiarity with database architectures including Oracle, SQL, DB2 and NoSQL Databases.
Self-directed, Confident Team Player
Strong Technical Thinker
Strong Planning, Execution and Collaborative skills
Communication skills — Good verbal and written communication skills. Ability to document risk and control summary artifacts that translates complex threat models into easy to read reports for the business.
Openness to Learning: Takes personal responsibility for learning and upskilling. Acquires strategies for gaining new knowledge, behaviors and skills. Builds on and applies existing knowledge. Engages in learning from others, inside and outside the organization.
Adaptability: Demonstrates flexibility within a variety of changing situations, while working with individuals and groups. Changes his or her own ideas or perceptions in response to changing circumstances.
Business Acumen: Demonstrates an awareness of American Express internal dynamics.
- Bachelor's degree in computer science, information systems, cybersecurity, or a related field.
Preferred Security Certifications
- CISSP, SANS GIAC
Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.
American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.
Primary Location: US-Arizona-Phoenix
Other Locations: US-Texas, US-Florida, United States, US-California, US-New York
Req ID: 21005072
- American Express Jobs