Director Cybersecurity
Company: American Express
Location: Phoenix
Posted on: January 9, 2026
Job Description:
At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. As part of Team Amex, you'll experience this powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

American Express is committed to safeguarding the integrity, confidentiality, and availability of our systems, applications, and customer data. As part of our mission to strengthen the company's cybersecurity posture, we are seeking a Director of Penetration Testing to lead a high-impact team of security professionals dedicated to identifying and mitigating vulnerabilities through real-world attack simulations.

The Director – Penetration Testing will lead the strategy, execution, and advancement of American Express's offensive security program, ensuring comprehensive testing coverage across applications, infrastructure, and emerging technologies. This leader will drive innovation in testing methodologies, oversee program operations, manage the enterprise Responsible Disclosure and Bug Bounty programs, and provide critical insights to senior leadership to inform business risk decisions.

This position requires a strategic and technically adept leader who can balance tactical execution with long-term vision, inspire and mentor a team of experts, and collaborate across the enterprise to ensure proactive defense and continuous improvement of our security posture.

Responsibilities Include:
• Team Management: Build, lead, and mentor a high-performing team of penetration testers. Oversee hiring, training, and professional development, ensuring resource alignment to meet program goals.
• Program Leadership: Oversee and manage all penetration testing engagements, ensuring adherence to compliance standards, internal policies, and regulatory requirements.
• Operational Oversight: Lead enterprise testing initiatives including application, infrastructure, cloud, and emerging technology assessments. Manage the Responsible Disclosure and Bug Bounty programs to ensure effective triage, validation, and remediation of reported vulnerabilities.
• Vulnerability Management Partnership: Collaborate with vulnerability management and engineering teams to track, prioritize, and resolve identified vulnerabilities.
• Reporting & Communication: Develop, review, and present detailed technical findings and executive-level summaries, providing actionable recommendations to senior leadership.
• Strategic Alignment: Define and evolve the penetration testing strategy to align with organizational goals, threat intelligence, and regulatory mandates.
• Technical Excellence: Maintain deep expertise in penetration testing methodologies, frameworks, and tools. Ensure the program remains current with evolving attack techniques and technologies.
• Cross-Functional Collaboration: Partner with technology, engineering, and risk functions to embed offensive security insights into proactive defense and design reviews.

Minimum Requirements:
• 10 years of experience in cybersecurity or equivalent experience, with at least 5 years in penetration testing or offensive security leadership roles.
• Extensive hands-on knowledge of penetration testing methodologies, frameworks, and tools such as Metasploit, Burp Suite, NMAP, and Wireshark.
• Strong understanding of operating systems (Windows, Linux, macOS) and network protocols, including segmentation methodologies.
• In-depth understanding of regulatory and compliance standards including PCI-DSS.
• Proven experience managing large-scale penetration testing programs, including internal/external audits and third-party engagements.
• Bachelor's Degree in Computer Science, Information Security, or related field; or equivalent professional experience.

Preferred Requirements:
• Exceptional communication and presentation skills; able to articulate technical risks and findings to executives and non-technical audiences.
• Demonstrated ability to lead cross-functional teams and drive strategic initiatives in a complex enterprise environment.
• Bachelor's Degree in Computer Science, Information Security, or related field; or equivalent professional experience.
• Industry-recognized certifications preferred (e.g., OSCP, OSCE, GPEN, GWAPT, CISM).

Salary Range: $144,250.00 to $256,250.00 annually + bonus + equity (if applicable) + benefits

The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we'll consider your location, experience, and other job-related factors.

We back you with benefits that support your holistic well-being so you can be and deliver your best. This means caring for you and your loved ones' physical, financial, and mental health, as well as providing the flexibility you need to thrive personally and professionally:
• Competitive base salaries
• Bonus incentives
• 6% Company Match on retirement savings plan
• Free financial coaching and financial well-being support
• Comprehensive medical, dental, vision, life insurance, and disability benefits
• Flexible working model with hybrid, onsite or virtual arrangements depending on role and business need
• 20 weeks paid parental leave for all parents, regardless of gender, offered for pregnancy, adoption or surrogacy
• Free access to global on-site wellness centers staffed with nurses and doctors (depending on location)
• Free and confidential counseling support through our Healthy Minds program
• Career development and training opportunities
Keywords: American Express, Buckeye, Director Cybersecurity, IT / Software / Systems, Phoenix, Arizona