**Description** **You Lead the Way. We’ve Got Your Back.** With the right backing, people and businesses have the power to progress in incredible ways. When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other. Here, you’ll learn and grow as we help you create a career journey that’s unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally. At American Express, you’ll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company’s success. Together, we’ll win as a team, striving to uphold our company values and powerful backing promise to provide the world’s best customer experience every day. And we’ll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong. Join Team Amex and let's lead the way together. As part of our diverse tech team, you can architect, code and ship software that makes us an essential part of our customers’ digital lives. Here, you can work alongside talented engineers in an open, supportive, inclusive environment where your voice is valued, and you make your own decisions on what tech to use to solve challenging problems. American Express offers a range of opportunities to work with the latest technologies and encourages you to back the broader engineering community through open source. And because we understand the importance of keeping your skills fresh and relevant, we give you dedicated time to invest in your professional development. Find your place in technology on #TeamAmex. **How will you make an impact in this role?** This Specialist role will focus on correlating data from various logs and data sources to detect anomalous, suspicious, or malicious behaviors. We are looking for a successful track record in writing advanced SIEM rules to generate complex advanced detections by using extensive information security experience, particularly in incident response and/or threat detection. You will be able to apply that knowledge to drive future content to reduce risk and work closely with other Information Security teams including Cyber Threat Intelligence, Cyber Detection Engineering, and Incident Response. **In this role, you will:** + Partner with the Cyber Threat Intelligence team to identify active or emerging threats likely to target American Express + Perform basic threat modelling of common environments to identify threat detection opportunities across the MITRE ATT&CK framework + Work with platform owners and Cyber Data Engineering to identify telemetry required to support the development of identified threat detection opportunities + Perform deep dive analysis of logs and malicious artifacts + Analyze large data sets to identify trends and anomalies indicative of malicious activities + Ability to develop, document and maintain custom detection queries **Minimum Qualifications** American Express is looking for a Threat Detection Specialist with 7 years’ experience in Incident Response, Threat Detection, or Hunt to join the Threat Detection and Hunt (TDH) team. The ideal candidate should have ample exposure to endpoint detection principles, network security principles, threat detection practices, and advanced rule writing; along with first-hand experience working in a security operations center or security engineering environment. Additionally, we are looking for superb communication skills, an ability to work effectively in a team and perform well in a rapidly-paced workplace. + Thorough knowledge of information security components, principles, practices, and procedures + First-hand security operations center (SOC) experience performing analyst/security engineer duties + Analytic approach and familiarity with analytic methodologies, including experience solving complex security problems + Understanding of Operating System internals and how to analyze malicious code, scripts, exploits, etc + Experience analyzing logs and events generated by endpoint and other security solutions + Understanding of network principles and topology, network protocol behavior, security devices (IPS, IDS, HIPS, firewall) + Understanding of authentication principles and technologies, including Active Directory and RACF + Ability to evaluate threat intelligence and identify TTPs for use in detection mechanisms at both the host and network level + Must have expert threat detection knowledge and intuition, including a deep understanding of how malicious traffic appears over the network and at security devices + Must have the ability to analyze data from a variety of sources, correlating it to meaningful security events + Advanced rule and/or query writing experience in at least one SIEM + Should understand content testing, implementation, and revision cycle + Programming experience in at least one scripting language + University Degree in computer science, computer engineering, or related field; or equivalent experience + Information Security Certification preferred, GCIA, GCDA, CISSP or similar **Preferred Qualifications** + Threat Detection Specialist with 10 years’ experience + Elastic stack / ELK experience and excellent understanding of query DSL + Experience writing Mitre Technique Research Reports + Working knowledge of multiple public cloud environments **Qualifications** Salary Range: $110,000.00 to $190,000.00 annually bonus benefits The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we’ll consider your location, experience, and other job-related factors. We back our colleagues and their loved ones with benefits and programs that support their holistic well-being. That means we prioritize their physical, financial, and mental health through each stage of life. Benefits include: + Competitive base salaries + Bonus incentives + 6% Company Match on retirement savings plan + Free financial coaching and financial well-being support + Comprehensive medical, dental, vision, life insurance, and disability benefits + Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need + 20 weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy + Free access to global on-site wellness centers staffed with nurses and doctors (depending on location) + Free and confidential counseling support through our Healthy Minds program + Career development and training opportunities For a full list of Team Amex benefits, visit our Colleague Benefits Site . American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, disability status, age, or any other status protected by law. We back our colleagues with the support they need to thrive, professionally and personally. That's why we have Amex Flex, our enterprise working model that provides greater flexibility to colleagues while ensuring we preserve the important aspects of our unique in-person culture. Depending on role and business needs, colleagues will either work onsite, in a hybrid model (combination of in-office and virtual days) or fully virtually. US Job Seekers/Employees - Click here to view the “Know Your Rights” poster and the Pay Transparency Policy Statement. If the links do not work, please copy and paste the following URLs in a new browser window: https://www.dol.gov/agencies/ofccp/posters to access the three posters. Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions. **Job:** Operations **Primary Location:** US-Arizona-Phoenix **Other Locations:** US-Georgia-Atlanta, US-California-Palo Alto, US-Utah-Sandy, US-New York-New York, US-Florida-Sunrise **Schedule** Full-time **Req ID:** 24020761