Capital One

Application Security Engineer, Manager

Plano, TX

Plano Town Center (31064), United States of America, Plano, Texas

At Capital One, we’re building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.


Information Security Officer - Application Security – Manager

Capital One is a diversified bank that offers a broad array of financial products and services to consumers, small business and commercial clients. Ranked #124 on the Fortune 500, Capital One is one of the nation’s top 10 banks and has one of the most widely recognized brands in America. We nurture a work environment where people with a variety of thoughts, ideas and backgrounds, guided by our shared values, come together to make Capital One a great company and a great place to work.

Security is essential to what we do at Capital One, from protecting our customers to our associates. As an Application Security subject matter expert, you are passionate about security and risk management. You see security as an enabler and differentiator that supports the business through innovation, not a step in the compliance process. You work with the business to understand their goals and objectives and help them meet those goals and objectives in a secure manner. At Capital One, you will help consult on initiatives, programs, and projects to raise their game in Information Security and Risk Management. You will ensure Capital One applications are built with security at the forefront. You are pragmatic and practical in your understanding of risk and security, but also willing to know when to pull in experts and escalate. You collaborate and innovate with other security groups within Capital One to push the envelope. You will lead a team of dynamic and talented Information Security individuals who want to learn from your experience and skills.

Responsibilities:

  • Provide ad-hoc penetration testing and retesting support
  • Review application penetration test findings with the application owner and work to eliminate or remediate risks associated with those findings
  • Teach web application security trainings for web developers that cover common vulnerabilities
  • Champion the adoption of Application Security testing tools and procedures
  • Maintain a deep understanding of Capital One’s Application Security Framework
  • Understand and communicate Application Security Best Practices and Secure Application Development
  • Work closely with business Agile teams to promote secure code development by providing security requirements throughout the development process
  • Act as a central point of contact for your line of business to the rest of Capital One’s Information Security, Fraud and Compliance teams
  • Integrate security tools for dynamic and static testing, Information Security Standards and processes, into the product or application lifecycle
  • Integrate threat modeling practices into the product life cycle
  • Promote security awareness by participating in Agile Release Trains and daily S2s
  • Support Vendor Security activities to ensure 3rd party software, including mobile applications, and development meet Capital One Information Security standards
  • Regularly review Capital One Security Metrics, report the state of application Security, against Capital One Standards, and communicate that information to the Application Owner
  • Ensure new applications are accounted for and enrolled in the Application Security Process
  • Influence customers to leverage security offerings, and escalate to management when concerns arise
  • Provide ad hoc support on special Information Security hot topics for the business
  • Be able to bridge the gap of technical risk and business impact and communicate appropriately to both audiences

About You:

  • You have excellent communication and presentation skills to executive leadership
  • You have excellent problem solving, critical thinking, and analytic skills
  • You can effectively work with your peers to collaborate and share experiences
  • You are able to work well under minimal supervision
  • You are a demonstrated leader with team-oriented interpersonal skills and the ability to interface effectively with a broad range of people and roles, including upper management, IT leaders, and technology vendors

Basic Qualifications:

  • High School Diploma, GED, or equivalent certification
  • At least 3 years of experience managing and/or consulting in Information Security
  • At least 3 years of exposure to OWASP Top 10, CWE/SANS 25, or WASC TV2
  • At least 3 years of experience performing manual penetration tests
  • At least 3 years of experience with common web application testing tools: BURP, ZAP, WebInspect, AppScan, Fortify
  • At least 2 years of experience with performing risk assessments, secure network architecture, and vulnerability management
  • At least 2 years of experience coding web applications
  • At least 2 years of experience remediating web application vulnerabilities

Preferred Qualifications:

  • At least 4 years of Information Security experience supporting the Financial Services sector
  • At least 5 years of experience manually pen testing web applications
  • At least one year of experience in Cloud Security
  • At least one year of experience in performing Application Security for Agile environments
  • Certification in the field of Information Security (CISSP, CISM, CEH, GIAC CPEN, OSCP, OSWE, CWAPT, GWAPT, GWEB)

Primary Location: Plano, TX

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

No agencies please. Capital One is an Equal Opportunity Employer committed to diversity in the workplace. All qualified applicants will receive consideration for employment without regard to gender, race, color, age, national origin, religion, disability, genetic information, marital status, sexual orientation, gender identity/assignment, citizenship, pregnancy or maternity, protected veteran status, or any other status protected by applicable national, federal, state or local law. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City’s Fair Chance Act; Philadelphia’s Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.
If you require an accommodation to apply for a job or to perform a job, please contact Capital One Recruiting at 1-800-304-9102 or RecruitingAccommodation@capitalone.com.

All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

For technical support or questions about Capital One's recruiting process, please send an email to Careers@capitalone.com

Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.

Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).

Job ID:
Employment Type: Other

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Health Reimbursement Account
    • Dental Insurance
    • Vision Insurance
    • Life Insurance
    • Short-Term Disability
    • Long-Term Disability
    • FSA
    • FSA With Employer Contribution
    • HSA
    • HSA With Employer Contribution
    • On-Site Gym
    • Pet Insurance
    • Mental Health Benefits
    • Virtual Fitness Classes
  • Parental Benefits

    • Fertility Benefits
    • Adoption Assistance Program
    • Family Support Resources
    • Birth Parent or Maternity Leave
    • Non-Birth Parent or Paternity Leave
    • Adoption Leave
  • Work Flexibility

    • Flexible Work Hours
    • Remote Work Opportunities
    • Hybrid Work Opportunities
  • Office Life and Perks

    • Commuter Benefits Program
    • Casual Dress
    • Happy Hours
    • Snacks
    • Company Outings
    • On-Site Cafeteria
    • Holiday Events
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Personal/Sick Days
    • Leave of Absence
    • Volunteer Time Off
  • Financial and Retirement

    • 401(K) With Company Matching
    • Stock Purchase Program
    • Performance Bonus
    • Relocation Assistance
    • Financial Counseling
    • Profit Sharing
  • Professional Development

    • Tuition Reimbursement
    • Promote From Within
    • Mentor Program
    • Shadowing Opportunities
    • Access to Online Courses
    • Lunch and Learns
    • Internship Program
    • Work Visa Sponsorship
    • Leadership Training Program
    • Associate or Rotational Training Program
  • Diversity and Inclusion

    • Diversity, Equity, and Inclusion Program
    • Employee Resource Groups (ERG)
    • Founder led

This job is no longer available.
