Remote Information Security Threat Detection Specialist – Advanced SIEM Rule Development, Incident Response & Cyber Threat Intelligence Partner (Work‑From‑Home)

100% Remote Full-time Open now

Why Join American Express – A Global Leader in Digital Innovation

American Express (Amex) isn't just a financial services powerhouse; it's a technology‑driven ecosystem that empowers millions of customers around the world to conduct business, travel, and everyday transactions with confidence. Our commitment to security, reliability, and exceptional customer experience makes us a trailblazer in the industry. As a member of the Team Amex community, you'll be part of a diverse, inclusive, and purpose‑focused organization where your ideas are heard, your growth is nurtured, and your impact is measured in the safety and satisfaction of millions of users worldwide.

We pride ourselves on fostering a workplace where innovation meets integrity. Whether you thrive in a fully remote setting, a hybrid environment, or an on‑site office, Amex offers the flexibility you need to balance personal priorities with professional ambition. Our culture celebrates curiosity, collaboration, and continuous learning, values that are especially vital in the fast‑evolving field of information security.

Position Overview – Your Role as a Remote Information Security Threat Detection Specialist

As a Remote Information Security Threat Detection Specialist, you will become a pivotal member of the Threat Detection and Hunt (TDH) team, shaping the way American Express identifies and mitigates cyber threats. Your day‑to‑day responsibilities will center on correlating massive, multi‑source data streams, crafting sophisticated SIEM detections, and collaborating closely with Cyber Threat Intelligence, Cyber Detection Engineering, and Incident Response teams. This role is ideal for professionals who possess a deep analytical mindset, a proven record of developing high‑impact detection content, and a passion for staying ahead of adversaries.

Key Responsibilities – What You'll Do Every Day

• Threat Intelligence Collaboration: Partner with the Cyber Threat Intelligence team to ingest emerging threat feeds, vulnerability disclosures, and adversary tactics, turning raw intel into actionable detection requirements.
• MITRE ATT&CK Mapping: Conduct basic threat modelling across common environments, mapping identified adversary techniques to the MITRE ATT&CK framework to uncover detection gaps.
• Telemetry Definition: Work hand‑in‑hand with platform owners and Cyber Data Engineering to define and enhance the telemetry needed for new detection scenarios, ensuring visibility across endpoints, network devices, cloud platforms, and third‑party services.
• Deep‑Dive Log Analysis: Perform forensic examination of log files, network captures, and malicious artifacts to uncover patterns, indicators of compromise (IOCs), and novel attack vectors.
• Data Trend Identification: Leverage large‑scale data analytics to spot anomalies, trends, and outliers that may indicate malicious activity, employing statistical methods and machine‑learning fundamentals where appropriate.
• Detection Rule Development: Write, test, document, and maintain custom detection queries and SIEM rules in a chosen platform (e.g., Splunk, Elastic, QRadar), ensuring high fidelity while minimizing false positives.
• Content Lifecycle Management: Own the end‑to‑end lifecycle of detection content: design, prototype, test, roll out, monitor performance, and iterate based on feedback from Incident Response and Red‑Team engagements.
• Cross‑Team Knowledge Sharing: Deliver regular briefings, detection playbooks, and training sessions to SOC analysts, engineers, and stakeholders, fostering a shared understanding of emerging threats.
• Continuous Improvement: Participate in post‑incident reviews and "lessons learned" sessions, translating findings into refined detection logic and enhanced security controls.

Essential Qualifications – What We Require

• Experience: Minimum 7 years of hands‑on experience in Incident Response, Threat Detection, or Threat Hunting within a Security Operations Center (SOC) or security engineering environment.
• Technical Foundations: Strong knowledge of information security principles, operating system internals, network topology, and authentication technologies (e.g., Active Directory, RACF).
• SIEM Expertise: Advanced rule‑writing and query development experience in at least one major SIEM platform (Splunk, Elastic, QRadar, etc.), including content testing, implementation, and revision cycles.
• Analytical Acumen: Proven ability to dissect complex log data, identify malicious patterns, and translate raw data into meaningful security alerts.
• Scripting Skills: Proficiency in at least one scripting language (Python, PowerShell, Bash, etc.) for automation, data parsing, and custom detection development.
• Communication: Exceptional verbal and written communication skills, capable of articulating technical concepts to both technical and non‑technical audiences.
• Education: Bachelor's degree in Computer Science, Computer Engineering, Information Security, or a related discipline, or equivalent pr
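The Detection Rule Development and Content Lifecycle Management responsibilities above describe a rule that is written, tested against known-good and known-bad telemetry, tuned to suppress documented false-positive sources, and mapped to an ATT&CK technique. The following is an added illustration of that loop in plain Python; it is not code from the posting or from American Express. The JSON event shape, the IP addresses, the account names and the scanner allowlist are all constructed assumptions, loosely modelled on a Windows Security failed-logon event (4625) as a SIEM forwarder might emit it.

```python
"""Added illustration of a detection-content lifecycle; not code from the job
posting or from American Express.  Event format, addresses, account names and
the allowlisted scanner are constructed assumptions (loosely Windows 4625)."""
from collections import defaultdict
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
import json


@dataclass(frozen=True)
class Rule:
    name: str
    attack_id: str                  # MITRE ATT&CK technique the rule covers
    min_distinct_users: int         # threshold tuned against baseline noise
    window: timedelta               # sliding time window for the count
    allowlisted_sources: frozenset  # documented false-positive sources


PASSWORD_SPRAY = Rule(
    name="Password spray: one source, many distinct accounts",
    attack_id="T1110.003",
    min_distinct_users=5,
    window=timedelta(minutes=5),
    allowlisted_sources=frozenset({"10.0.0.20"}),  # assumed: authorised credential scanner
)


def _ev(ts, src, user, event_id=4625):
    """Build one constructed JSON log line (sample data, not real telemetry)."""
    return json.dumps({"ts": ts, "event_id": event_id, "src_ip": src, "target_user": user})


SAMPLE_LOGS = [
    # Source 10.0.0.5 fails against five accounts in two minutes: true positive.
    _ev("2024-05-01T08:00:00", "10.0.0.5", "alice"),
    _ev("2024-05-01T08:00:30", "10.0.0.5", "bob"),
    _ev("2024-05-01T08:01:00", "10.0.0.5", "carol"),
    _ev("2024-05-01T08:01:30", "10.0.0.5", "dave"),
    _ev("2024-05-01T08:02:00", "10.0.0.5", "Erin"),        # case differs; normalised in parse
    _ev("2024-05-01T08:02:05", "10.0.0.5", "erin", 4624),  # successful logon, out of scope
    # A user mistyping their own password four times: benign, must not alert.
    _ev("2024-05-01T08:00:10", "10.0.0.9", "alice"),
    _ev("2024-05-01T08:00:20", "10.0.0.9", "alice"),
    _ev("2024-05-01T08:00:40", "10.0.0.9", "alice"),
    _ev("2024-05-01T08:00:50", "10.0.0.9", "alice"),
    # Allowlisted scanner hitting six accounts: suppressed as a known FP source.
    *[_ev(f"2024-05-01T08:03:{i:02d}", "10.0.0.20", f"svc{i}") for i in range(6)],
    # Low-and-slow spray, one account every ten minutes: outside the window (known gap).
    *[_ev(f"2024-05-01T09:{i * 10:02d}:00", "10.0.0.7", f"user{i}") for i in range(5)],
]


def parse_events(lines):
    """Normalise raw JSON lines into the fields the rule needs; drop out-of-scope events."""
    events = []
    for line in lines:
        raw = json.loads(line)
        if raw.get("event_id") != 4625:
            continue
        events.append({"ts": datetime.fromisoformat(raw["ts"]),
                       "src_ip": raw["src_ip"],
                       "user": raw["target_user"].lower()})
    return events


def detect_password_spray(events, rule=PASSWORD_SPRAY):
    """Per source, slide a time window over time-sorted failures and alert once per
    source when the distinct target-account count meets the threshold."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["src_ip"] in rule.allowlisted_sources:
            continue
        by_src[ev["src_ip"]].append(ev)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, cur in enumerate(evs):
            while cur["ts"] - evs[start]["ts"] > rule.window:
                start += 1  # drop events older than the window
            users = {e["user"] for e in evs[start:end + 1]}
            if len(users) >= rule.min_distinct_users:
                alerts.append({"rule": rule.name, "attack_id": rule.attack_id,
                               "src_ip": src, "users": sorted(users),
                               "first_seen": evs[start]["ts"].isoformat(),
                               "last_seen": cur["ts"].isoformat()})
                break  # one alert per source; the SIEM would throttle the same way
    return alerts


def regression_suite():
    """Run on every rule revision: expected hits, expected misses, and the effect of
    the allowlist, so threshold tuning cannot silently break the detection."""
    events = parse_events(SAMPLE_LOGS)
    with_allowlist = detect_password_spray(events, PASSWORD_SPRAY)
    no_allowlist = detect_password_spray(events, replace(PASSWORD_SPRAY, allowlisted_sources=frozenset()))
    return {
        "alerted": sorted(a["src_ip"] for a in with_allowlist),
        "alerted_without_allowlist": sorted(a["src_ip"] for a in no_allowlist),
        "known_gap_low_and_slow": "10.0.0.7" not in {a["src_ip"] for a in no_allowlist},
    }


if __name__ == "__main__":
    print(json.dumps(regression_suite(), indent=2))
```

The regression suite is the part worth copying: each constructed case documents a decision (the threshold, the allowlist, the window) and the low-and-slow case records a detection gap the rule does not close, which is exactly the kind of finding the ATT&CK-mapping and post-incident review responsibilities above feed back into the next revision.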
