Information Security Analyst Intern Summer 2024 - Toronto, Canada - Amex

Amex

Verified Company

Toronto, Canada

2 weeks ago

Posted by:

Sophia Lee

beBee Recruiter

Description

You Lead the Way. We've Got Your Back.
With the right backing, people and businesses have the power to progress in incredible ways.

When you join Team Amex, you become part of a global and diverse community of colleagues with an unwavering commitment to back our customers, communities and each other.

Here, you'll learn and grow as we help you create a career journey that's unique and meaningful to you with benefits, programs, and flexibility that support you personally and professionally.

At American Express, you'll be recognized for your contributions, leadership, and impact—every colleague has the opportunity to share in the company's success.

Together, we'll win as a team, striving to uphold our company values and powerful backing promise to provide the world's best customer experience every day.

And we'll do it with the utmost integrity, and in an environment where everyone is seen, heard and feels like they belong.

Join Team Amex and let's lead the way together.

As part of our diverse tech team, you can architect, code and ship software that makes us an essential part of our customers' digital lives.

Here, you can work alongside talented engineers in an open, supportive, inclusive environment where your voice is valued, and you make your own decisions on what tech to use to solve challenging problems.

Amex offers a range of opportunities to work with the latest technologies and encourages you to back the broader engineering community through open source.

And because we understand the importance of keeping your skills fresh and relevant, we give you dedicated time to invest in your professional development.

Find your place in technology on #TeamAmex

Information Security Analyst Intern Summer 2024
How will you make an impact in this role?

What type of work can you expect to do in Information Security at American Express?

Application, Infrastructure and Network Security
Drive risk reduction through the rapid identification and remediation of vulnerabilities across the enterprise
Deliver secure solutions that enable secure operations and highly available products and services for our customers
Threat Modeling, Secure Design, Secure Coding, Application Hardening, DAST, SAST, SCA, RASP
Governance, Risk, Compliance
Bridge traditional boundaries between cyber and IT risk and expanding partnerships with IT and the business to drive risk reduction in the enterprise
Innovate Risk Management through enhancements in tooling and automation of processes; expand the capabilities of technology risk management
Extend risk management and control expertise beyond the information security domains into IT development organizations and the business
Identify and help mitigate IT and information security risk across people, processes, and technologies.
Security Incident Response/Threat Intelligence
Act as the front line of defense at American Express protecting the brand, employees, assets and card members across the globe against threats 24/7/36
Minimize risk of cyberattacks and focus on detection and response to threats
Monitor, detect, and respond to security events and incidents that affect AXP globally
Data Loss Prevention
Protect our customers, partners, and colleagues from the loss of sensitive information through normal business processes and/or malicious actors
Monitor and block sensitive data loss where legally permissible
Identity and Access Management/Authentication
Provide authentication, authorization, and full lifecycle management capabilities
Reduce, manage, and monitor risk associated with identity and access to AXP resources
Cryptography/Encryption Services
Protect all forms of sensitive information, on all platforms, resulting in protection of the Brand and information assets, and regulatory compliance
Drive continuous enhancement to data protection

Minimum Qualifications:

Indepth knowledge of cyber threats along with common security controls, detection capabilities, and other practices / solutions for securing digital environments.
Application Development experience in Java/JEE, Spring & MVC concepts, NodeJS / Go / Python / Kotlin, HTML/CSS, JavaScript, ReactJS, Redux, DevOps
Git, Maven/Gradle, Databases etc.
Understanding of what information or assets are of value to threat actors and how organizations are breached.
Indepth understanding of modern technical security controls (i.e. firewalls, SIEMS, IPS, HIPS, web proxies, Threat Model, DAST, SAST).
Must have strong verbal and written communication skills; interpersonal collaborative skills; and the ability to communicate security and riskrelated concepts to technical and nontechnical audiences.

Preferred Qualifications:

Current enrollment in Cyber Security, Computer Science, Software Engineering, Information Systems, or related field preferred
Understanding on Application Security, OWASP Top 10 (Web, API. mobile), Cloud Security, DevSecOps