Demo

Manager - CyberOps & Assurance-Incident Response

American Express
Charlotte, NC Full Time
POSTED ON 6/25/2026
AVAILABLE BEFORE 7/23/2026
Job Description

At American Express, our mission is to deliver the world’s best customer experience every day. At the heart of this mission is our Information Security organization, enabling exceptional experiences built on a foundation of trust, service, and security. We leverage advanced technologies and data-driven insights to stay ahead of an evolving threat landscape. We foster a culture of passion, curiosity, and courage—empowering you to innovate, grow, and help shape the future of a Fortune 100 company.

Trust. Service. Security.

American Express seeks to recruit a passionate and experienced Leader for its Incident Response team. This is a senior-level, hands-on, highly technical role performing incident response activities ranging from pre-incident preparation, active incident response, and post-incident analysis and recovery. You will be a key technical resource conducting investigations, performing advanced analysis, identifying attacker TTPs, building attack narratives, and executing response actions.

As part of our evolution toward a Next Generation Agentic SOC, this role will also help drive the adoption of AI-enabled security operations, intelligent automation, and autonomous analyst workflows. The ideal candidate combines deep incident response expertise with curiosity and practical experience in AI-assisted detection, security automation, and modern SOC engineering practices.

You are a motivated leader who will directly manage, mentor, and develop a team of SOC analysts while driving the people, processes, and technology that empower the team to investigate sophisticated threats at scale. This role requires critical thinking, innovative problem solving, technical leadership, people leadership, and effective communication across both technical and executive audiences.

Responsibilities

People Leadership & Team Development

  • Directly lead and manage a team of SOC analysts, including hiring, onboarding, day-to-day supervision, performance management, and career development, fostering a high-performing and engaged team culture.
  • Conduct regular 1:1s, performance reviews, and goal-setting with direct reports; provide timely, constructive feedback and coaching to accelerate individual and team growth.
  • Mentor and develop junior and mid-level analysts, building technical skills, investigative rigor, and professional capabilities across the team; create clear career progression pathways from Tier 1 through senior roles.
  • Manage shift schedules, on-call rotations, and workload distribution to ensure 24×7 operational coverage while proactively mitigating analyst burnout and maintaining team morale.
  • Drive a culture of continuous learning by identifying training opportunities, encouraging pursuit of industry certifications (e.g., GCIH, GCFA, GCIA), facilitating hands-on exercises (e.g., Immersive Labs, tabletop exercises), and championing knowledge-sharing across the team.
  • Recruit and retain top talent by partnering with HR and hiring managers to define role requirements, conduct interviews, and build a diverse and skilled analyst pipeline.

Incident Response & Technical Operations

  • Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations and escalations from junior analysts across Windows, Mac, Linux, Cloud, SaaS, and hybrid environments.
  • Participate in incident response, cyber crisis management, and enterprise-wide security events.
  • Advise leadership on containment, eradication, and recovery strategies during incident response.
  • Fully scope incidents through proper identification of all affected systems, identities, applications, and/or accounts.
  • Recognize attacker tactics, techniques, and procedures (TTPs) as well as Indicators of Compromise (IOCs) and Indicators of Attack (IOAs) applicable to current and future investigations.
  • Serve as a technical escalation point for the analyst team, providing real-time guidance on complex or high-severity investigations and ensuring quality and consistency of investigative outputs.
  • Contribute to team projects, process improvement, and development of new security operations capabilities.
  • Help curate a world-class security operations and incident response program with a relentless focus on innovation, intelligent automation, and continuous improvement.
  • Assess and develop incident response best practices to help mature the overall security operations and AI-assisted defense capabilities of the organization.
  • Produce high-quality written and verbal reports, recommendations, executive briefings, and technical findings.
  • Participate in on-call rotation and provide after-hours support on an as-needed basis.

AI-Enabled Security Operations & Automation

  • Partner with detection engineering, threat intelligence, data science, and security engineering teams to operationalize AI-driven detection and response capabilities.
  • Assist in the design, tuning, and oversight of AI-enabled SOC workflows, analyst copilots, and autonomous or semi-autonomous response agents.
  • Develop and optimize prompts, workflows, and guardrails for large language model (LLM) and AI-agent-assisted investigations and triage processes.
  • Evaluate and validate AI-generated investigative outputs to ensure operational accuracy, reliability, explainability, and security.
  • Help identify opportunities to leverage AI/ML, orchestration, and automation technologies to reduce analyst toil and accelerate response times.
  • Participate in development and integration of SOAR playbooks, AI-assisted enrichment pipelines, and security automation frameworks.
  • Contribute to AI governance and operational risk management efforts related to AI-enabled security tooling and workflows.
  • Champion AI adoption within the team by training analysts on AI-assisted tools and workflows, gathering analyst feedback to drive iterative improvements, and ensuring responsible use aligned with organizational governance.
  • Stay current on industry trends, attack techniques, AI-enabled threats, adversarial AI risks, mitigation techniques, and emerging security technologies

Qualifications

  • 3 years of experience in information security, security operations, incident response, threat hunting, or cyber defense.
  • Experience with host, network, and/or memory forensics.
  • Experience with various network and/or host-based security tools used to detect and respond to security events (e.g., SIEM, EDR, NDR, SOAR, web proxy, IDS/IPS, cloud-native security platforms, etc.).
  • Theoretical and practical security knowledge and investigation experience with Mac, Linux, Windows, and cloud environments.
  • Strong understanding of incident response lifecycles, attacker methodologies, and cyber kill chain concepts.
  • Experience performing analysis of complex security incidents in enterprise environments.
  • Familiarity with scripting or programming languages such as Python, PowerShell, Go, or similar.
  • Ability to convey complex technical concepts to audiences with varying levels of technical expertise.
  • Strong analytical, investigative, documentation, and communication skills.
  • Demonstrated curiosity and adaptability toward emerging AI-enabled security technologies and workflows.
  • Demonstrated ability to lead, motivate, and develop technical teams in high-tempo, operationally demanding environments.
  • Strong interpersonal and conflict-resolution skills, with the ability to foster a collaborative, inclusive, and psychologically safe team environment.

Preferred

  • 1 years of experience in a people leadership, team lead, or supervisory role, including direct responsibility for coaching, mentoring, or managing technical staff.
  • Experience working within a modern SOC leveraging AI-assisted analysis, security automation, and/or SOAR technologies.
  • Familiarity with AI/ML concepts and practical applications within cybersecurity operations.
  • Experience with prompt engineering, LLM-assisted workflows, or AI copilots for security investigations and operational efficiency.
  • Understanding of AI agent architecture, orchestration frameworks, retrieval-augmented generation (RAG), vector databases, or autonomous workflow concepts.
  • Experience integrating APIs, automation pipelines, or AI-enabled tooling into SOC workflows.
  • Knowledge of adversarial AI threats, prompt injection risks, model misuse, or AI security governance principles.
  • Experience building or operationalizing automated detection, enrichment, triage, or response capabilities.
  • Knowledge and investigation experience in a global, multi-cloud environment.
  • Experience with detection engineering, threat hunting, or behavioral analytics.
  • Familiarity with cloud-native security technologies and telemetry sources.
  • Multiple applicable certifications (GSE, GDAT, GCIA, GCIH, GCFA, GNFA, GCFE, GREM, CCSP, CISSP, CEH, etc.).
  • AI-related certifications or hands-on experience with enterprise AI platforms, orchestration frameworks, or automation tooling.
  • Experience managing performance cycles, conducting calibrations, and building talent development plans within a security operations or SOC environment.
  • Experience managing geographically distributed or shift-based teams supporting 24×7 operations.

Employment eligibility to work with American Express in the United States is required as the company will not pursue visa sponsorship for these positions.

Salary : $123,000 - $215,250

If your compensation planning software is too rigid to deploy winning incentive strategies, it’s time to find an adaptable solution. Compensation Planning
Enhance your organization's compensation strategy with salary data sets that HR and team managers can use to pay your staff right. Surveys & Data Sets

What is the career path for a Manager - CyberOps & Assurance-Incident Response?

Sign up to receive alerts about other jobs on the Manager - CyberOps & Assurance-Incident Response career path by checking the boxes next to the positions that interest you.
Income Estimation: 
$115,647 - $153,495
Income Estimation: 
$186,685 - $265,377
Income Estimation: 
$102,189 - $143,024
Income Estimation: 
$123,246 - $161,441
Income Estimation: 
$135,994 - $168,063
Income Estimation: 
$161,209 - $233,553
Employees: Get a Salary Increase
View Core, Job Family, and Industry Job Skills and Competency Data for more than 15,000 Job Titles Skills Library

Job openings at American Express

  • American Express Phoenix, AZ
  • Job Description Joining Amex Tech means discovering and shaping your contribution to something big. Here, you can work alongside talented tech teams and bu... more
  • 1 Day Ago

  • American Express Phoenix, AZ
  • Job Description Global Merchant & Network Services (GMNS) brings together American Express' merchant-and network related businesses to enable a sharp focus... more
  • 1 Day Ago

  • American Express Phoenix, AZ
  • Job Description Joining Amex Tech means discovering and shaping your contribution to something big. Here, you can work alongside talented tech teams and bu... more
  • 1 Day Ago

  • American Express Phoenix, AZ
  • Job Description American Express Travel Related Services Company, Inc. seeks Cybersecurity Engineers to design, develop, test, and debug software applicati... more
  • 1 Day Ago


Not the job you're looking for? Here are some other Manager - CyberOps & Assurance-Incident Response jobs in the Charlotte, NC area that may be a better fit.

  • Check Point Software Charlotte, NC
  • Why Join Us? As the world’s leading vendor of Cyber Security, facing the most sophisticated threats and attacks, we’ve assembled a global team of the most ... more
  • 1 Day Ago

  • Assurance Dimensions Charlotte, NC
  • Assurance Dimensions is hiring! Assurance Dimensions is an independent, full-service accounting and advisory firm delivering assurance and advisory solutio... more
  • 1 Month Ago

AI Assistant is available now!

Feel free to start your new journey!