American Express Information Security Analyst- PenTesting in Phoenix, Arizona

Information Security is one of the most exciting and challenging professions in the world – especially at American Express! American Express is committed to building a strong Cyber Security team to support our world-class organization. This group is nimble and creative with the power to shape our technology and product roadmap. You will be part of a fast-paced, ‘on demand’ team responsible for delivering and performing Penetration Testing. You will be challenged with delivering thorough testing and following through to resolution. Today, as cyber-attacks increase and compliance is more rigorously enforced, we look to stay ahead of what’s next and to protect our business and our future

Job Responsibilities

  • Provide scanning and testing for new or modified systems as part of the SDLC

  • Conduct remediation validation, and vulnerability assessments on a wide variety of technologies and implementations utilizing:

    o manual and automated tools techniques

    o web application penetration testing

    o backend server and infrastructure testing

    o network penetration tests

  • Utilize a variety of vulnerability assessment and penetration testing tools and documented processes to ensure consistency and optimization of information security processes; work in support of efforts to measure and improve information security processes

  • Effectively communicate successes and obstacles with fellow team members and leaders

  • Ethically operate with appreciable latitude in developing methodologies

  • Prepare materials (reports, presentations, spreadsheets, etc) detailing assessment findings and recommendations on information security to help develop scenarios, response procedures, and to enable informed decision making; verify completeness, accuracy and relevance of data gathered

  • Provide consulting service to internal technology and business partners

  • Collaborate with internal and external auditors and regulatory examiners to ensure compliance within the program


  • 3 years in the IT profession

  • Experience/understanding of security principles, policies and industry best practices

  • Demonstrable experience with common network vulnerability assessment techniques and tools

  • Demonstrable experience with application security assessment techniques and tools

  • Be able to describe and manually perform vulnerabilities such as SQL injection, Server Side Request Forgery, etc.

  • Familiarity with common penetration testing methodologies such as the OSSTMM, OWASP Testing Guide and the PTES

  • Knowledge in technology infrastructure security, networking, databases, systems and/or Web

  • Exceptional communication skills

  • Demonstrated ability to deliver on time and on budget

At the core of Information Security Management.

Every member of our team must be able to demonstrate the following technical, functional, leadership and business core competencies, including:

  • Agile Practices

  • Emerging Technologies

  • Business Process Improvement

  • Business Risk Management

  • Analytical Thinking

  • Coaching and Mentoring

  • Business Case Development

  • Industry and Company Knowledge

Why American Express

Talk to our people and you’ll find out what we’re really all about. Open, creative, risk-taking, collaborative and innovative are just some of the expressions you’ll hear. It’s our culture that makes American Express an outstanding place to work, and a big part of why we regularly win best workplace awards all over the world. If you’re ready to take on a challenge and make an impact, you owe it to yourself to launch or grow your career here.

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or any other status protected by law.

Job Technology

Title: Information Security Analyst- PenTesting

Location: Arizona-Phoenix

Other Locations: United States

Requisition ID: 18003629