Leadership Solutions

Director, Security Operations and Incident Response


American Express


United States


The Director of Security Operations and Incident Response leads enterprise-wide efforts to provide 24x7 monitoring across the environment: identifying, containing, and eradicating cyber security threats, and managing incidents. This position requires strong experience leading and managing a globally dispersed team across two major locations. This role requires partnering with key stakeholders across the enterprise to improve our overall risk posture. This leader will also be responsible for overseeing activities that include automation and orchestration of operational playbooks. The Director of Security Operations and Incident Response is a high-visibility role that can make a difference in maturing the security strategy and output of the organization.

The ideal candidate will be able to effectively manage multiple incidents, lead global team activities and deliverables, coordinate with a diverse set of partners and stakeholders, and contribute to executive communications to leaders across American Express. The Director of Security Operations and Incident Response will also be responsible for attracting and retaining industry-leading talent, developing long-term workforce plans, and driving continuous improvements within the program.


  • Direct American Express Security Operations Center and Incident Response teams
  • Build a world class team with the right people, processes, and technology to excel in monitoring, investigations, incident response, and mitigating threats
  • Serve as a lead incident handler: guiding actions to fully scope incidents, making recommendations to contain, eradicate, and recover from threats
  • Drive Digital Forensics and Incident Response (DFIR) progress through innovation and automation

Please see complete job description online.


Minimum Qualifications:

  • Passion for cyber security, incident response, and deceiving, disrupting, or denying adversary operations
  • 5+ years of experience in incident/crisis management at a state, federal, cybersecurity services company, or major corporate level
  • Experience acting as an incident commander at a state, federal, cybersecurity services company, or major corporate level
  • Expert in incident handling, investigating advanced intrusions, and host and network forensics
  • Expertise responding to security events including: hacktivist, organized crime, and Advanced Persistent Threat (APT) activity
  • Theoretical and practical security knowledge with Mac, Linux, and Windows operating systems, as well as cloud environments
  • Theoretical and practical knowledge of Incident Response lifecycles and Incident Handling (NIST, SANS)
  • Ability to convey complex technical concepts to audiences with varying levels of technical ability
  • Experience with the MITRE ATT&CK Framework
  • Desire to grow and expand both technical and soft skills
  • After-hours escalations and on-call responsibilities can be expected

Preferred Qualifications:
  • GIAC Certifications including, but not limited to: GCIH, GCFA, GCIA, GDAT, GSLC
  • Ability to gather stakeholder input and incorporate it into response strategies that support business outcomes
  • Demonstrated organizational and management skills
  • Demonstrated strong written and oral communication skills

How to Apply:

Apply online