Director - Security Integration & Engineering-Application Security/ Vulnerability Management

American Express

Phoenix, AZ
Full Time
Paid
  • Responsibilities

    JOB DESCRIPTION

    Joining Amex Tech means discovering and shaping your contribution to something big. Here, you can work alongside talented tech teams and build a unique career with the Powerful Backing of American Express. With a range of opportunities to work with the latest technologies, and a commitment to back the broader engineering community through open source, our mission is to power your success. Because Amex Tech is powered by our technology, our culture, and our colleagues.

    The Technology organization enables and accelerates the company’s growth strategies, delivering global capabilities and services in support of Amex’s customers and colleagues, while maintaining 24/7 servicing and availability to ensure an uninterrupted, high-quality customer experience. Technology provides the foundation for everything we do in the company while driving differentiation through building and leveraging innovative technology and data insights.

    At American Express, our mission is to deliver the world’s best customer experience every day. At the heart of this mission is our Information Security organization, enabling exceptional experiences built on a foundation of trust, service, and security. We leverage advanced technologies and data-driven insights to stay ahead of an evolving threat landscape. We foster a culture of passion, curiosity, and courage, empowering you to innovate, grow, and help shape the future of a Fortune 100 company.

    Trust. Service. Security.

    How will you make an impact in this role?

    American Express is committed to delivering secure, resilient, and scalable technology solutions that protect our customers and enable business growth. As part of this mission, the Director - Security Integration & Engineering will lead the engineering backbone of enterprise Security Posture Validation. This role drives the strategy, architecture, integration, automation, and sustained operation of the security tooling ecosystem that enables scalable, observable, and enforceable security controls across the software development lifecycle.

    The Director will oversee the design and execution of application and code-to-cloud security integrations, ensuring that tooling, automation, and telemetry pipelines generate accurate, defensible insights while supporting developer velocity and regulatory compliance. This leader will collaborate across cybersecurity, engineering, infrastructure, and risk domains to mature posture validation capabilities and align security controls with enterprise standards and global regulatory expectations.

    This position demands a strategic and technically deep leader who can operate at both executive and hands-on engineering levels, prioritize operational excellence alongside long-term transformation, and build high-performing teams that deliver measurable risk reduction.

    RESPONSIBILITIES

    • Define and execute the multi-year strategy and roadmap for Security Integration & Engineering aligned with enterprise cybersecurity and business priorities.
    • Lead the design, integration, automation, and continuous evolution of the enterprise security tooling platform, ensuring reliability, scalability, resiliency, and operational excellence.
    • Provide engineering enablement and integration support across security validation domains including:
        • Static Application Security Testing (SAST)
        • Software Composition Analysis (SCA)
        • Dynamic Application Security Testing (DAST)
        • API Security
        • Penetration Testing intake and integration
        • Infrastructure Vulnerability Management
        • External Attack Surface Management (EASM)
        • Sensitive Data Element (SDE) detection
        • Enterprise vulnerability reporting and executive dashboards
    • Ensure normalized data models, scalable automation, exception workflows, SLO enforcement, and audit-ready reporting across security telemetry pipelines.
    • Own and maintain the Source Code Security Standard and ensure alignment with enterprise security controls and architecture governance.
    • Support regulatory and audit engagements by delivering defensible evidence, metrics, and documentation aligned to global cybersecurity standards.
    • Lead response to complex security and operational events, coordinating cross-functional mitigation, root cause analysis, and control validation.
    • Partner with product, engineering, IAM, infrastructure, vulnerability management, and risk teams to embed security controls into CI/CD pipelines and business workflows.
    • Influence senior stakeholders to prioritize and implement security recommendations aligned with enterprise risk tolerance.
    • Build, mentor, and develop high-performing cybersecurity engineering teams, driving hiring strategy, talent retention, succession planning, and performance management.
    • Manage budgets, workforce planning, and resource allocation to support strategic and operational objectives.

    QUALIFICATIONS

    Preferred Qualifications

    • 10+ years of progressive experience in cybersecurity, including senior leadership roles within security engineering or application security.

    • Deep expertise in Application Security disciplines including SAST, DAST, SCA, API Security, and secure CI/CD integration practices.

    • Strong understanding of vulnerability management practices, threat modeling methodologies, and enterprise risk management frameworks.

    • Experience designing and implementing enterprise-scale security platform integrations and automation using APIs and scripting languages (Python, Bash, PowerShell).

    • Knowledge of cloud security principles, identity and access management (IAM), data security governance, and network security fundamentals (TCP/IP, DNS, HTTP).

    • Experience building and managing security telemetry pipelines, metrics frameworks, and executive reporting dashboards.

    • Demonstrated success managing regulatory audits, control validation efforts, and global compliance requirements.

    • Proven ability to lead high-impact security incident response efforts and cross-functional remediation initiatives.

    • Strong stakeholder management skills with the ability to communicate effectively to both technical and executive audiences.

    • Experience with enterprise security tooling including vulnerability scanning platforms, EDR solutions (e.g., CrowdStrike, Carbon Black, SentinelOne, Defender), and endpoint protection technologies.

    • Lead the strategy and implementation of AI-driven security solutions, leveraging large language models (LLMs), machine learning, and automation to strengthen application security controls and accelerate secure software delivery.

    • Evaluate, develop, and champion innovative uses of generative AI and machine learning to enhance application security operations, improve developer experience, and reduce security risk at scale.

    • Bachelor’s Degree in Computer Science, Cybersecurity, Information Systems, or related field; or equivalent professional experience.

    • Advanced degree preferred (MS, MBA, or related discipline).

    • Industry-recognized certifications preferred (CISSP, CISM, CCSP, or similar).

    Employment eligibility to work with American Express in the United States is required as the company will not pursue visa sponsorship for these positions.

    ABOUT US

    At American Express, our culture is built on a 175-year history of innovation, shared values and Leadership Behaviors, and an unwavering commitment to back our customers, communities, and colleagues. From delivering differentiated products to providing world-class customer service, we operate with a strong risk mindset, ensuring we continue to uphold our brand promise of trust, security, and service.

    As part of Team Amex, you’ll experience our powerful backing with comprehensive support for your holistic well-being and many opportunities to learn new skills, develop as a leader, and grow your career. Here, your voice and ideas matter, your work makes an impact, and together, you will help us define the future of American Express.

  • Industry
    Financial Services