Senior Information Security Analyst
India
American Express Global Business Travel
Amex GBT is a place where colleagues find inspiration in travel as a force for good and – through their work – can make an impact on our industry. We’re here to help our colleagues achieve success and offer an inclusive and collaborative culture where your voice is valued.
What You’ll Do on a Typical Day:
- Advanced black/grey box web penetration testing.
- Perform in-depth penetration tests on Android and iOS mobile applications, including dynamic and static analysis.
- Conduct thick client application assessments across diverse platforms and technologies.
- Test APIs, backend services, and web applications for security vulnerabilities using both automated tools and manual techniques.
- Identify and exploit vulnerabilities in systems, networks, and applications to achieve defined objectives.
- Strong knowledge of OWASP Top 10, SANS CWE Top 25, and common web application vulnerabilities.
- Proficiency with tools such as Burp Suite, OWASP ZAP, Nuclei, Postman, sqlmap, Frida, Drozer, Objection, MobSF, IDA Pro, Ghidra, and custom scripts.
- Expertise in analyzing and exploiting vulnerabilities in technologies like SQL, NoSQL, JavaScript, frameworks (React, Angular), and API security.
- Strong understanding of authentication protocols (OAuth, SAML, OpenID), encryption, and cloud security.
- Industry certifications such as OSWE, CWEE, eWPTX are highly desirable.
- Exceptional problem-solving skills and attention to detail.
- Excellent verbal and written communication skills for technical and executive audiences.
- Experience with devices (iPhone, iPad, Android).
- Contribute to the development of penetration testing and red team processes, playbooks, and methodologies.
- Simulate real-world attacks to assess the effectiveness of existing security controls.
- Collaborate with development teams to provide actionable recommendations for remediation and secure coding practices.
- Stay updated on the latest vulnerabilities, attack vectors, and exploit techniques.
- Develop custom scripts, tools, and methodologies to enhance penetration testing capabilities.
- Create detailed, professional reports outlining findings, risks, and recommendations for technical and non-technical audiences.
What we're looking for:
- Go-getter attitude, self-motivated, with the ability to work in a fast-paced, collaborative environment and adapt to evolving threats.
- 4+ years of experience in penetration testing and personal research in cyberspace.
- Hands-on experience penetration testing hardened environments.
- Strong knowledge of adversary tactics, techniques, and procedures (TTPs), including the MITRE ATT&CK framework.
- Deep understanding of network protocols, operating systems (Windows, Linux, macOS), ADCS, and Active Directory environments.
- Strong scripting & programming skills in languages like Python, PowerShell, Bash, Rust, or C/C++.
- Proficient in penetration testing methodologies.
- Analytical problem-solving abilities.
- Detail-oriented approach.
- Ability to explain complex technical findings.
Location
India
The #TeamGBT Experience
Work and life: Find your happy medium at Amex GBT.
Flexible benefits are tailored to each country and start the day you do. These include health and welfare insurance plans, retirement programs, parental leave, adoption assistance, and wellbeing resources to support you and your immediate family.
Travel perks: get a choice of deals each week from major travel providers on everything from flights to hotels to cruises and car rentals.
Develop the skills you want when the time is right for you, with access to over 20,000 courses on our learning platform, leadership courses, and new job openings available to internal candidates first.
We strive to champion Inclusion in every aspect of our business at Amex GBT. You can connect with colleagues through our global INclusion Groups, centered around common identities or initiatives, to discuss challenges, obstacles, achievements, and drive company awareness and action.
And much more!
All applicants will receive equal consideration for employment without regard to age, sex, gender (and characteristics related to sex and gender), pregnancy (and related medical conditions), race, color, citizenship, religion, disability, or any other class or characteristic protected by law.
Click Here for Additional Disclosures in Accordance with the LA County Fair Chance Ordinance.
Furthermore, we are committed to providing reasonable accommodation to qualified individuals with disabilities. Please let your recruiter know if you need an accommodation at any point during the hiring process. For details regarding how we protect your data, please consult the Amex GBT Recruitment Privacy Statement.
What if I don’t meet every requirement? If you’re passionate about our mission and believe you’d be a phenomenal addition to our team, don’t worry about “checking every box”; please apply anyway. You may be exactly the person we’re looking for!
Tags: Active Directory Android APIs Bash Burp Suite C Cloud Encryption eWPTx Exploit Ghidra IDA Pro iOS JavaScript Linux MacOS MITRE ATT&CK NoSQL OpenID OSWE OWASP Pentesting PostMan PowerShell Privacy Python Red team Rust SAML SANS Scripting SQL TTPs Vulnerabilities Windows
Perks/benefits: Career development Health care Insurance Medical leave Parental leave