Massachusetts Jobs


Job Information

American Express Threat Detection Analyst in Boston, Massachusetts


“You Lead the Way. We’ve Got Your Back.

At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible - and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.”

American Express is on a mission to provide the world’s best customer experience every day. Rooted in this vision is the work of the Technology Risk & Information Security organization, empowering the company to deliver superior service through trust, security, and safety. Our culture is centered around passion, curiosity, and courage, enabling you to innovate and evolve a Fortune 10 company. You can help us achieve our mission!

American Express is looking for a Threat Detection Analyst with 3 years of experience in Incident Response or Threat Detection to join the Threat Detection and Hunt (TDH) team. Candidates should have ample exposure to network security principles, threat detection practices, and detection rule writing, along with first-hand experience working in a security operations center or security engineering environment. Prospective candidates should have excellent communication skills, work effectively in a team, and perform well in a fast-paced workplace.

Specific focus will be on correlating data from various vendor feeds and data sources to detect anomalous, suspicious, or malicious behaviors. An ideal candidate will have extensive information security experience, particularly in incident response and/or threat detection, and be able to apply that knowledge to drive future detection content that reduces risk.

The candidate will work closely with other Information Security teams including Cyber Threat Intelligence, Cyber Detection Engineering, and Incident Response.

Responsibilities Include:

  • Partner with the Cyber Threat Intelligence team to identify active or emerging threats likely to target American Express.

  • Perform basic threat modelling of common environments to identify threat detection opportunities across the MITRE ATT&CK framework.

  • Work with platform owners and Cyber Data Engineering to identify telemetry required to support the development of identified threat detection opportunities.

  • Perform deep dive analysis of logs and malicious artifacts.

  • Analyze large data sets to identify trends and anomalies indicative of malicious activities.

  • Develop and maintain custom detection queries.

“Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.”

Qualifications:

  • Thorough knowledge of information security components, principles, practices, and procedures.

  • First-hand security operations center (SOC) experience performing analyst/security engineer duties.

  • Analytic mindset and familiarity with analytic methodologies, including experience solving complex security problems.

  • Understanding of how Windows works and experience with endpoint detection logs, principles, and tools.

  • Understanding of network principles and topology, network protocol behavior, security devices (IPS, IDS, HIPS, firewall).

  • Understanding of authentication principles and technologies, including Active Directory and RACF.

  • Understanding of how to evaluate threat intelligence and extract TTPs for use in detection mechanisms at both the host and network level.

  • Must have strong threat detection knowledge and intuition, including a deep understanding of how malicious traffic appears over the network and at security devices.

  • Must have the ability to analyze data from a variety of sources, correlating it to meaningful security events.

  • Rule and/or query writing experience in at least one SIEM.

  • Should understand content testing, implementation, and revision cycle.

  • Programming experience in at least one scripting language.

Educational Requirement:

  • Bachelor’s Degree in computer science, computer engineering, or related field; or equivalent experience.

  • Information security certification preferred (GCIA, GCDA, CISSP, or similar).

“American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.”

Job: Technology

Primary Location: United States

Schedule: Full-time


Req ID: 21009007