Amex GBT is a place where colleagues find inspiration in travel as a force for good and – through their work – can make an impact on our industry. We’re here to help our colleagues achieve success and offer an inclusive and collaborative culture where your voice is valued.
The Red Team Security Tester will be a key contributor to our newly established Red Team, responsible for executing end-to-end adversarial assessments, controlled offensive security operations, and collaborative Purple Team exercises. This role is ideal for a security professional with strong offensive security experience who is equally passionate about improving defensive capabilities, supporting Incident Response (IR), and strengthening enterprise-wide detection and response.
The candidate must be able to quickly contribute value by performing technical testing, analyzing complex environments, and collaborating with Blue Team partners to help mature our cybersecurity posture across a global, highly distributed travel and hospitality technology enterprise.
What You’ll Do:
- Plan and implement full-scope Red Team engagements, including reconnaissance, exploitation, persistence, lateral movement, and reporting.
- Perform scenario-based and atomic testing aligned with MITRE ATT&CK to emulate realistic adversary behaviors.
- Conduct targeted assessments across on-prem and cloud environments (primarily AWS, Azure a plus).
- Use a variety of offensive tools, frameworks, and custom scripts to achieve objectives (e.g., Sliver, Cobalt Strike equivalents, Burp Suite, BloodHound, common Kali Linux tooling).
- Document findings with clear evidence, impact analysis, and guidance.
What We’re Looking For:
- 6+ years of offensive security experience, including Red Teaming, penetration testing, or adversary emulation.
- Solid grasp of common offensive tooling (Kali toolset, Burp Suite, C2 frameworks, enumeration/exploitation tools)
- Active Directory security concepts and charge paths (BloodHound, Kerberoasting, credential theft, etc.)
- MITRE ATT&CK framework, and adversary TTP's.
- Experience implementing end-to-end charges across diverse enterprise environments.
- Hands-on experience with AWS cloud environments (IAM, networking, common configurations).
- Ability to write or modify scripts in Python, PowerShell, or Bash.
Location
United States
The US national base salary range for this position is from
$104,300.00 - $193,700.00The national range provided includes the base salary that Amex GBT expects to pay for the role. Actual base salary will be based on factors including the scope and complexity of the role and the successful candidate’s relevant experience, skills, knowledge, and work location.
In addition to base salary, the anticipated range of which is posted above, this role is eligible for a discretionary annual bonus, which rewards participants based on company and individual performance.
For information about our comprehensive US benefits programs and eligibility, please review our Benefits-at-a-Glance document.
Benefits at a glance
The #TeamGBT Experience
Work and life: Find your happy medium at Amex GBT.
Flexible benefits are tailored to each country and start the day you do. These include health and welfare insurance plans, retirement programs, parental leave, adoption assistance, and wellbeing resources to support you and your immediate family.
Travel perks: get a choice of deals each week from major travel providers on everything from flights to hotels to cruises and car rentals.
Develop the skills you want when the time is right for you, with access to over 20,000 courses on our learning platform, leadership courses, and new job openings available to internal candidates first.
We strive to champion Inclusion in every aspect of our business at Amex GBT. You can connect with colleagues through our global INclusion Groups, centered around common identities or initiatives, to discuss challenges, obstacles, achievements, and drive company awareness and action.
And much more!
All applicants will receive equal consideration for employment without regard to age, sex, gender (and characteristics related to sex and gender), pregnancy (and related medical conditions), race, color, citizenship, religion, disability, or any other class or characteristic protected by law.
Click Here for Additional Disclosures in Accordance with the LA County Fair Chance Ordinance.
Furthermore, we are committed to providing reasonable accommodation to qualified individuals with disabilities. Please let your recruiter know if you need an accommodation at any point during the hiring process. For details regarding how we protect your data, please consult the Amex GBT Recruitment Privacy Statement.
What if I don’t meet every requirement? If you’re passionate about our mission and believe you’d be a phenomenal addition to our team, don’t worry about “checking every box;" please apply anyway. You may be exactly the person we’re looking for!
Similar Jobs
.png)
What you need to know about the Colorado Tech Scene
Key Facts About Colorado Tech
- Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
- Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
- Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
- Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute
