Joining Amex Tech means discovering and shaping your contribution to something big. Here, you can work alongside talented tech teams and build a unique career with the Powerful Backing of American Express. With a range of opportunities to work with the latest technologies, and a commitment to back the broader engineering community through open source, our mission is to power your success. Because Amex Tech is powered by our technology, our culture, and our colleagues.
The Technology organization enables and accelerates the company’s growth strategies, delivering global capabilities and services in support of Amex’s customers and colleagues, while maintaining 24/7 servicing and availability to ensure an uninterrupted, high-quality customer experience. Technology provides the foundation for everything we do in the company while driving differentiation through building and leveraging innovative technology and data insights.
At American Express, our mission is to deliver the world’s best customer experience every day. At the heart of this mission is our Information Security organization, enabling exceptional experiences built on a foundation of trust, service, and security. We leverage advanced technologies and data-driven insights to stay ahead of an evolving threat landscape. We foster a culture of passion, curiosity, and courage—empowering you to innovate, grow, and help shape the future of a Fortune 100 company.
Trust. Service. Security.
American Express is seeking a Director of Cyber Threat Intelligence to lead the enterprise CTI function responsible for generating timely, actionable intelligence that directly informs cybersecurity operations, risk management, and control design. The Cyber Threat Intelligence team operates an end-to-end intelligence lifecycle that transforms internal and external threat data into decision-relevant intelligence to support proactive risk identification, incident response, and strategic prioritization.
As part of the evolving Cybersecurity Operations model, this role is focused on intelligence generation, enterprise threat modeling, and intelligence-driven control design input. This role is explicitly focused on intelligence production, prioritization, threat modeling, and control enhancement recommendations, and does not own execution of cyber threat remediation or defense enablement activities. The function is accountable for ensuring intelligence drives measurable security outcomes through prioritization, detection alignment, control enhancement, and clear handoff to downstream execution teams. This role will also lead the evolution of CTI into an agentic intelligence capability, operating a hybrid model of human analysts, AI-enabled intelligence pipelines, and supporting platform engineering capabilities. AI-driven collection, enrichment, and analysis pipelines will scale intelligence production, improve speed and coverage, and enhance consistency, while human analysts remain accountable as decision authorities and quality gates over intelligence outputs.
The CTI team provides tactical and operational intelligence to Security Operations and Incident Response, strategic intelligence to leadership to inform risk prioritization and investment decisions, and continuous intelligence support during active events and emerging threats. The team operates with defined processes, governance, and quality standards to ensure intelligence is timely, accurate, and actionable, while collaborating closely with cybersecurity operations teams to continuously refine outputs. Lead the collection, analysis, and dissemination of actionable cyber threat intelligence aligned to business risk and operational priorities
- Deliver executive-level intelligence briefings and reporting on adversary activity, emerging threats, and enterprise exposure
- Own and operate the enterprise CTI-driven threat modeling capability as a primary function, maintaining a current adversary model and embedding intelligence directly into architecture, engineering, and security control design
- Ensure intelligence outputs translate into specific, actionable control enhancement recommendations, with clear handoff and traceability to downstream execution teams
- Ensure adversary behavior and intelligence insights directly inform control design and security architecture where applicable
- Drive integration of threat intelligence into detection engineering, threat hunting, incident response, and vulnerability prioritization workflows
- Establish and enforce intelligence product standards, quality controls, and reporting cadence to ensure consistency and decision relevance
- Lead the transformation of CTI into a scaled, agentic intelligence function that integrates human analysts, AI-enabled pipelines, and platform engineering capabilities with defined quality controls
- Oversee development and continuous improvement of agent-driven intelligence pipelines (e.g., IOC extraction, TTP mapping, summarization, prioritization)
- Define and enforce human-in-the-loop validation processes to ensure accuracy, context, and reliability of intelligence outputs
- Establish closed-loop feedback mechanisms between analysts, automation capabilities, and consuming teams to continuously improve intelligence quality, agent performance, and operational relevance
- Ensure intelligence outputs are structured, consumable, and effectively actioned across cybersecurity operations and risk management functions
- Lead and develop a geographically distributed CTI team while defining operating model, roles, and areas of responsibility
- Maintain relationships with intelligence-sharing communities and oversee sourcing from internal, commercial, and open intelligence feeds
Basic Qualifications
- Extensive experience in cyber threat intelligence, intelligence analysis, or related cybersecurity disciplines
- Deep understanding of adversary tactics, techniques, and procedures (TTPs) and threat ecosystem
- Proven experience leading intelligence programs or cybersecurity functions
- Demonstrated ability to translate threat intelligence into operational or risk outcomes
- Strong executive communication skills with ability to deliver briefings to senior leadership
- Experience with intelligence-driven defense models and threat modeling frameworks
- Experience working with intelligence community (IC), financial sector, or critical infrastructure environments
- Experience integrating intelligence into detection engineering, incident response, or red team operations
- Experience designing or operating automated or agent-driven intelligence workflows
- Familiarity with AI/ML or LLM-based cybersecurity applications and human-in-the-loop AI governance
- Experience leading large-scale program transformation or operating model redesign
- Bachelor’s degree in Intelligence, International Relations, Engineering, Computer Science, Business Management or Technology related fields OR at least 10 years of relevant experience
Preferred Qualifications
- Experience with intelligence-driven defense models and threat modeling frameworks
- Experience working with intelligence community (IC), financial sector, or critical infrastructure environments
- Experience integrating intelligence into detection engineering, incident response, or red team operations
- Experience designing or operating automated or agent-driven intelligence workflows
- Familiarity with AI/ML or LLM-based cybersecurity applications and human-in-the-loop AI governance
- Experience leading large-scale program transformation or operating model redesign
- Bachelor’s degree in Intelligence, International Relations, Engineering, Computer Science, Business Management or Technology related fields OR at least 10 years of relevant experience
Employment eligibility to work with American Express in the United States is required as the company will not pursue visa sponsorship for these positions