Application Security Engineer, Manager

Plano Town Center (31064), United States of America, Plano, Texas

At Capital One, we’re building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

Application Security Engineer, Manager

Information Security Officer - Application Security – Manager

Capital One is a diversified bank that offers a broad array of financial products and services to consumers, small business and commercial clients. Ranked #124 on the Fortune 500, Capital One is one of the nation’s top 10 banks and has one of the most widely recognized brands in America. We nurture a work environment where people with a variety of thoughts, ideas and backgrounds, guided by our shared values, come together to make Capital One a great company and a great place to work.

Security is essential to what we do at Capital One, from protecting our customers to our associates. As Application Security subject matter expert, you are passionate about security and risk management. You see security as an enabler and differentiator to enable the business through innovation, not a step in the compliance process. You work with the business to understand their goals and objectives and help them meet those goals and objectives in a secure manner. At Capital One, you will help consult on initiatives, programs, and projects to raise their game in Information Security and Risk Management. You will ensure Capital One applications are built with security at the forefront. You are pragmatic and practical in your understanding of risk and security, but also willing to know when to pull in experts and escalate. You collaborate and innovate with other security groups within Capital One to push the envelope. You will lead a team of dynamic and talented Information Security individuals who want to learn from your experience and skills.


  • Provide ad-hoc penetration testing and retesting support
  • Review application penetration test findings with the application owner and work to eliminate or remediate risks associated with those findings
  • Teach web application security trainings for web developers that cover common vulnerabilities
  • Champion the adoption of Application Security testing tools and procedures
  • Maintain a deep understanding of Capital One’s Application Security Framework
  • Understand and communicate Application Security Best Practices and Secure Application Development
  • Work closely with business Agile teams to promote secure code development by providing security requirements throughout the development process
  • Act as a central point of contact for your line of business to the rest of Capital One’s Information Security, Fraud and Compliance teams
  • Integrate security tools for dynamic and static testing, Information Security Standards and processes, into the product or application lifecycle
  • Integrating threat modeling practices into the product life cycle
  • Promote security awareness by participating in Agile Release Trains and daily S2s
  • Support Vendor Security activities to ensure 3rd party software, including mobile applications, and development meet Capital One Information Security standards
  • Regularly review Capital One Security Metrics, report the state of application Security, against Capital One Standards, and communicate that information to the Application Owner
  • Ensure new applications are accounted for and enrolled in the Application Security Process
  • Influence customers to leverage security offerings, as well as, escalate to management when concerns arise
  • Provide ad hoc support on special Information Security hot topics for the business
  • Be able to bridge the gap of technical risk and business impact and communicate appropriately to both audiences

About You:

  • You have excellent communication and presentation skills to executive leadership
  • You have excellent problem solving, critical thinking, and analytic skills
  • You can effectively work with your peers to collaborate and share experiences
  • You are able to work well under minimal supervision
  • You are a demonstrated leader with team-oriented interpersonal skills and the ability to interface effectively with a broad range of people and roles, including upper management, IT leaders, and technology vendors

Basic Qualifications:

  • High School Diploma, GED, equivalent certification
  • At least 3 years of experience managing and/or consulting in Information Security
  • At least 3 years of exposure to OWASP Top 10, CWE/SANS 25, or WASC TV2
  • At least 3 years of experience performing manual penetration tests
  • At least 3 years of experience with common web application testing tools: BURP, ZAP, WebInspect, AppScan, Fortify
  • At least 2 years of experience with performing risk assessments, secure network architecture, and vulnerability management
  • At least 2 years of experience coding web applications
  • At least 2 years of experience remediating web application vulnerabilities

Preferred Qualifications:

  • At least 4 years of Information Security experience supporting the Financial Services sector
  • At least 5 years of experience manually pen testing web applications
  • At least one year of experience in Cloud Security
  • At least one year of experience in performing Application Security for Agile environments
  • Certification in the field of Information Security (CISSP, CISM, CEH, GIAC CPEN, OSCP, OSWE, CWAPT, GWAPT, GWEB)

Primary Location: Plano, TX

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

No agencies please. Capital One is an Equal Opportunity Employer committed to diversity in the workplace. All qualified applicants will receive consideration for employment without regard to gender, race, color, age, national origin, religion, disability, genetic information, marital status, sexual orientation, gender identity/assignment, citizenship, pregnancy or maternity, protected veteran status, or any other status protected by applicable national, federal, state or local law Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City’s Fair Chance Act; Philadelphia’s Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.
If you require an accommodation to apply for a job or to perform a job, please contact Capital One Recruiting at 1-800-304-9102 or [email protected]

All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

For technical support or questions about Capital One's recruiting process, please send an email to [email protected]

Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.

Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).

Meet Some of Capital One's Employees

Michelle B.

UX Design Researcher

At Capital One’s user research lab facility, The Garage, in Plano, Texas, Michelle tests usability, examines customer behavior, and constructs the best customer-centered home and auto loan products.

Mazen L.

Director, Digital Product Marketing

Mazen is transforming the financial industry, one groundbreaking product at a time. By applying imaginative marketing techniques, Mazen shines the spotlight on Capital One’s most impactful financial technologies.

Back to top