Application Security Manager
India - Virtual Location
American Express Global Business Travel
Amex GBT is a place where colleagues find inspiration in travel as a force for good and – through their work – can make an impact on our industry. We’re here to help our colleagues achieve success and offer an inclusive and collaborative culture where your voice is valued.
Ready to explore a career path? Start your journey.
Amex GBT is seeking an Application Security Manager to manage a team of pen-testers, continuously evolve our security and pen-testing strategy to strengthen our security posture, assist the Director of Application Security with strategic planning, and create metrics to demonstrate your team’s performance.
What You’ll Do on a Typical Day:
- Effectively manage multiple pen test engagements end-to-end, keeping them on schedule and resolving blockers when needed.
- Demonstrate strong organizational skills with accurate and timely documentation of tickets.
- Can plan, facilitate, and lead customer meetings effectively while acting as the face of the company
- Can negotiate effectively with internal teams, external researchers, and customers to keep everyone aligned.
- Deliver results promised to customers and ensure consistent messaging throughout engagements.
- Set expectations of delivery content and timelines with customers.
- Set up programs including writing test briefs, setting scoped assets, credentials, inviting stakeholders and researchers.
- Keep on top of administrative duties.
- Maintain relationships acting as a liaison between them and their engagements.
- Facilitate the delivery of pen test report readouts for customers.
What We’re looking for:
- Any form of project management education or cybersecurity preferred.
- Ability to manage communications with an engagement’s resources for project status updates, troubleshooting, and day-to-day activities.
- Bird's-eye-view understanding of all vulnerability classes in the OWASP Top 10.
- Decent awareness around the offsec space.
- Ability to scope web-based pen tests accurately and independently.
- Ability to research and quickly understand at a high level how an in-scope asset (e.g., a web application) works from a business context, as well as the tech stack it’s built within.
- Can differentiate between web, cloud, and infrastructure testing and the researcher requirements for testing each type (e.g., Postman Collections for API tests).
- Has experience and/or qualifications in one or more technical domains (e.g., programming, networks, cybersecurity).
- Willingness to ask questions and demonstrates the ability to learn as they go.
- Can explain at a high level various pen-testing concepts (e.g., the difference between black-box and white-box testing).
- Has experience with some hacking concepts through use of hands-on practice labs or shadowing real-life engagements, and seeks opportunities to advance practical technical prowess.
- Requires little to no supervision during daily work activities – does not wait to be told what to do.
- Prioritizes competing responsibilities and manages their time well, factoring in multiple time-zones.
- Follows up consistently on requests they have made, and offers support to expedite resolutions.
The #TeamGBT Experience
Work and life: Find your happy medium at Amex GBT.
Flexible benefits are tailored to each country and start the day you do. These include health and welfare insurance plans, retirement programs, parental leave, adoption assistance, and more.
Travel perks: get a choice of deals each week from major travel providers on everything from flights to hotels to cruises and car rentals.
Develop the skills you want when the time is right for you, with global tuition assistance, access to over 20,000 courses on our learning platform, leadership courses, and new job openings available to internal candidates first.
We strive to champion Diversity, Equity, and Inclusion in every aspect of our business at GBT. You can connect with colleagues through our global Inclusion Groups, centered around common identities or initiatives, to discuss challenges, obstacles, achievements, and drive company awareness and action.
Wellbeing resources to support mental and emotional health for you and your immediate family.
And much more!
All qualified applicants will receive equal consideration for employment without regard to age, gender identity (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, race, color, religion, creed, national origin, disability, veteran status, citizenship or marital status. It is our policy to maintain an equal-opportunity environment free from intimidation, harassment or bias for our candidates, colleagues, clients and suppliers.
We are committed to providing reasonable accommodation to individuals with disabilities. Please, let your recruiter know if you need an accommodation at any point during the hiring process. For more details, please consult GBT Recruitment Privacy Statement.
What if I don’t meet every requirement? If you’re passionate about our mission and believe you’d be a phenomenal addition to our team, don’t worry about “checking every box”; please apply anyway. You may be exactly the person we’re looking for!