Application Security Manager

India - Virtual Location

American Express Global Business Travel

View company page

Amex GBT is a place where colleagues find inspiration in travel as a force for good and – through their work – can make an impact on our industry. We’re here to help our colleagues achieve success and offer an inclusive and collaborative culture where your voice is valued.


Ready to explore a career path? Start your journey.

AmexGBT is seeking an Application Security Manager to manage a team of pen-testers, continuously evolve our security and pen-testing strategy to strengthen our security posture, assist the Director of Application Security with strategic planning, and create metrics to demonstrate your team’s performance.

What You’ll do on a Typical Day :-

  • Effectively manage multiple pen test engagements end-to-end, keeping them on schedule and resolving blockers when needed.
  • Demonstrate strong organizational skills with accurate and timely documentation of tickets
  • Can plan, facilitate, and lead customer meetings effectively while acting as the face of the company
  • Can negotiate effectively with internal teams, external researchers, and customers to keep everyone aligned.
  • Deliver results promised to customers and ensure consistent messaging throughout engagements
  • Set expectations of delivery content and timelines with customers.
  • Set up programs including writing test briefs, setting scoped assets, credentials, inviting stakeholders and researchers.
  • Keep on top of administrative duties.
  • Maintain relationships acting as a liaison between them and their engagements.
  • Facilitate the delivery of pen test report readouts for customers. ​

What We’re looking for:

  • Any form of project management education or cybersecurity preferred.
  • Ability to manage communications with an engagement’s resources for project status updates, troubleshooting, and day-to-day activities.
  • Birds-eye-view understanding of all vulnerability classes in the OWASP Top 10
  • Decent awareness around the offsec space.
  • Ability to scope web-based pen tests accurately and independently.
  • Ability to research and quickly understand at a high level how a in-scope asset (ie. web application) works from a business context, as well as the tech-stack it’s built within.
  • Can differentiate between web, cloud, and infrastructure testing and the researcher requirements for testing each type (i.e. Postman Collections for API tests).
  • Has experience and/or qualifications in one or more technical domains (ie. programming, networks, cybersecurity).
  • Willingness to ask questions and demonstrates the ability to learn as they go.
  • Can explain at a high-level various pen-testing concepts (eg. The difference between black-box and white-box testing).
  • Has experience with some hacking concepts through use of hands-on practice labs or shadowing real-life engagements, and seeks opportunities to advance practical technical prowess.
  • Requires little to no supervision during daily work activities – does not wait to be told what to do.
  • Prioritizes competing responsibilities and manages their time well, factoring in multiple time-zones.
  • Follows up consistently on requests they have made, and offers support to expedite resolutions.



India - Virtual Location


The #TeamGBT Experience

Work and life: Find your happy medium at Amex GBT.

  • Flexible benefits are tailored to each country and start the day you do. These include health and welfare insurance plans, retirement programs, parental leave, adoption assistance, and more.

  • Travel perks: get a choice of deals each week from major travel providers on everything from flights to hotels to cruises and car rentals.

  • Develop the skills you want when the time is right for you, with global tuition assistance, access to over 20,000 courses on our learning platform, leadership courses, and new job openings available to internal candidates first.

  • We strive to champion Diversity, Equity, and Inclusion in every aspect of our business at GBT. You can connect with colleagues through our global Inclusion Groups, centered around common identities or initiatives, to discuss challenges, obstacles, achievements, and drive company awareness and action.

  • Wellbeing resources to support mental and emotional health for you and your immediate family.

  • And much more!

All qualified applicants will receive equal consideration for employment without regard to age, gender identity (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, race, color, religion, creed, national origin, disability, veteran status, citizenship or marital status. It is our policy to maintain an equal-opportunity environment free from intimidation, harassment or bias for our candidates, colleagues, clients and suppliers.

We are committed to providing reasonable accommodation to individuals with disabilities. Please, let your recruiter know if you need an accommodation at any point during the hiring process. For more details, please consult GBT Recruitment Privacy Statement.

What if I don’t meet every requirement? If you’re passionate about our mission and believe you’d be a phenomenal addition to our team, don’t worry about “checking every box;" please apply anyway. You may be exactly the person we’re looking for!

Apply now Apply later
  • Share this job via
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: APIs Application security Cloud OWASP PostMan Privacy Strategy

Perks/benefits: Career development Flex hours Health care Insurance Medical leave Parental leave Startup environment

Regions: Remote/Anywhere Asia/Pacific
Country: India
Job stats:  48  28  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.