We Hire America - Veterans Jobs

Mobile We Hire America Veterans Logo
WeHireAmerica-Veterans.jobs is a service of HR Policy Foundation and DirectEmployers Association. These two non-profit organizations are providing this free resource to help educators, policy makers and job seekers understand the great employment opportunities available here in the U.S. at some of America's biggest and best companies.

Job Information

American Express Application Threat Modeling Engineer in St. Paul, Minnesota


You Lead the Way. We’ve Got Your Back.

At American Express, we know that with the right backing, people and businesses have the power to progress in incredible ways. Whether we’re supporting our customers’ financial confidence to move ahead, taking commerce to new heights, or encouraging people to explore the world, our colleagues are constantly redefining what’s possible - and we’re proud to back each other every step of the way. When you join #TeamAmex, you become part of a diverse community of over 60,000 colleagues, all with a common goal to deliver an exceptional customer experience every day.

American Express is seeking an Application Threat Modeling Engineer with proven strong technical competence in developing, building and maintaining secure design & secure coding patterns. The Application Threat Modeling Engineer serves as a subject matter expert in developing comprehensive security requirements across a diverse number of technology stacks. The Application Threat Modeling Engineer supports the security champion practice by evangelizing secure design and secure coding controls.

Primary Responsibilities

  • Design, develop and maintain comprehensive secure design patterns.

  • Design, develop and maintain secure coding standards.

  • Maintain, update and enhance threat libraries.

  • Socialize secure design patterns and secure coding standards with engineering teams.

  • Review issued threat based requirements with application owners to ensure identified requirements are implemented.

  • Perform ongoing governance and follow-through with application owners to ensure implementation of issued threat based requirements.

  • Assist application owners in filing appropriate security standard exceptions (Identity, Cryptography & Application Security) as identified through threat modeling.

  • Validate implementation of threat based countermeasures against outputs of scanning tools to enable auditability and verifiability.

  • Bring feedback loops to core team of threat modelers where customized or manual threat modeling may need to be invoked.

  • Assist application teams with threat modeling consultancy questions via Email and Slack.

  • Consistently enable strong developer and customer experience when liasing with application teams. Uphold Blue Box values when liasing with application teams.



  • Bachelor's degree in computer science, information systems, cybersecurity, or a related field.

Security and Technical Experience

  • Direct hands on experience with application threat modeling.

  • Direct hands on experience with threat modeling frameworks, attack vectors an vulnerability analysis: CAPEC, ATT&CK, STRIDE.

  • Direct hands on experience with application security controls (Web, API and Mobile).

  • Strong familiarity with IAM Controls (OAuth 2.0, OIDC, JWT).

  • Strong familiarity with Cryptography Controls (Data at rest, in motion).

  • Experience with Industry Standards and Frameworks: NIST 800-53, CSF, OWASP ASVS.

  • Full stack knowledge of application architectures including: Single Page Applications, REST APIs, SOAP APIs, Mobile Applications.

  • Experience with Java, Javascript and mobile application development.

  • Full stack knowledge or familiarity with database architectures including Oracle, SQL, DB2 and NoSQL Databases.

Preferred Security Certifications


Key Behaviors/Competencies

  • Self-directed, Confident Team Player

  • Strong Technical Thinker

  • Strong Planning, Execution and Collaborative skills

  • Communication skills — Good verbal and written communication skills. Ability to document risk and control summary artifacts that translates complex threat models into easy to read reports for the business.

  • Openness to Learning: Takes personal responsibility for learning and upskilling. Acquires strategies for gaining new knowledge, behaviors and skills. Builds on and applies existing knowledge. Engages in learning from others, inside and outside the organization.

  • Adaptability: Demonstrates flexibility within a variety of changing situations, while working with individuals and groups. Changes his or her own ideas or perceptions in response to changing circumstances.

Employment eligibility to work with American Express in the U.S. is required as the company will not pursue visa sponsorship for these positions.

American Express is an equal opportunity employer and makes employment decisions without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, age, or any other status protected by law.

Job: Security

Primary Location: United States

Schedule Full-time


Req ID: 21022503