Senior Cloud Security Analyst - Cloud Security Engineering

at American Express in Little Rock, Arkansas, United States

Job Description


“You Lead the Way. We’ve Got Your Back.

At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible – and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day."

American Express is on an exciting Cloud transformation journey led by a high-energy, delivery-focused team delivering security as code and integration to enable on-premise equivalent security models for cloud workloads. The Cloud Security Engineering group builds and delivers technology which enables shift left security integration through partnership and collaboration across Technology Risk and Information Security, as well as multiple Technology teams. The Sr. Cloud Security Analyst – - Cloud Engineering will create and mature the program, design and develop tools to deliver security requirements for the enterprise, and will ensure the success of the American Express journey towards hybrid cloud. The Director and their team will be accountable for securely enabling the cloud journey through a delivery-based program.

To be successful, you and your team will work very closely with other Technology Risk and Information Security functions, as well as Cloud Security Strategy, Cloud Operations, and many other Technology and non-Technology teams to identify, solution, and deliver security code elements. You will mature a program which aims to drive automation, zero touch, and idempotency through “everything-as-code”. This position demands a well-organized; action-oriented team player with the ability to prioritize daily work; work on multiple initiatives simultaneously; establish and maintain an outward looking view on new and evolving network edge technologies; and an ability to mature and operate business critical, end-to-end processes and solutions – while ensuring a great colleague user experience.

Responsibilities Include:

+ Design and mature a Cloud Security Engineering program created to deliver security code elements across private and public multi-cloud

+ Provide security and engineering expertise and guidance to the Cloud Programs, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Policy as Code (PaC).

+ Collaborate with enterprise architects and SMEs to deliver complete security architecture solutions.

+ Lead Cloud Security engineering team which designs and develops tools to delivery security requirements for the enterprise.

+ Own all technical aspects of software development (architecture, design and development of systems) for assigned applications.

+ Lead a team who delivers hands-on software development, typically spending about 80% of time writing code, APIs, doing proof of concepts and conducting code reviews.

+ Identify exciting opportunities for adopting new technologies to solve existing needs and predicting future challenges.

+ Present key security ideas to various audiences (technical and non-technical), in an effective manner.


+ 3 years of software development experience, with an emphasis on test driven design, using any of the following languages: Python, Golang. Must have a deep understanding of the language and its ecosystem, adhering to coding standards of the language.

+ 2 years of experience in Information Security roles with increase of responsibilities and scope.

+ 2 years of experience using one or more prominent software frameworks. (Django, .NET, etc)

+ Demonstrated experience in a manager-level role.

+ 2 years of experience in designing, implementing and supporting microservice architecture is required.

+ Understanding of classical or cloud-native design patterns is required.

+ Experience building and consuming REST or GraphQL APIs is required.

+ Experience with Docker, Open Containers Initiative, or similar is required.

+ 2 years of Experience with Openshift or Kubernetes cluster administration.

+ Experience in applying Security Principles to Kubernetes or OpenShift clusters and container workloads.

+ Understding of Cloud Fundamentals, including securing public cloud with data protection controls.

+ Experience performing validation and verification of configurations in a cloud environment.

+ Knowledge of security configuration management, container security, endpoint security and secrets management as they are applied to cloud applications.

+ Knowledge of network architecture, proxy infrastructure, and programs to support network access and enablement.

+ Experience with multiple Information Security domains, such as Infrastructure Vulnerability, Data Loss Prevention, End User Security, Network Security, Internet Security, Identity & Access Management, etc.

+ 2 years in utilizing GitOps and various Git-Workflows.

+ Experience working with GitHub Actions or Git Runners.

+ Experience in setting up Enterprise SCM controls in Git or equivalent.

+ One year of experience with Twistlock, Prisma Cloud or Prisma Compute; deployment, policy definition, api consumption.

+ Experience in defining resources configurations using Terraform or Helm.

+ Experience creating policies to enforce resource configuration using Hashicorp Sentinel.

+ Experience in defining policies using Open Policy Agent (OPA).

+ Understanding of DevOps and DevSecOps principles

+ 2 years of utilizing Jenkins CI/CD tool.

+ Bachelor’s Degree in computer science with at least 2 years of enterprise cloud experience.

+ Information Security or Cloud Certification preferred – CISSP, CISM, CCSP or similar.

+ Kubernetes Administrator Certification or similar work experience.

“Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.”

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.

“American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.”

Job: Technology

Primary Location: United States

Schedule Full-time


Req ID: 21024444

Copy Link

Job Posting: JC193943447

Posted On: Oct 03, 2021

Updated On: Nov 06, 2021