Application Security Engineer, Sr. Manager

McLean 1 (19050), United States of America, McLean, Virginia

At Capital One, we're building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

The Application Security Engineer will join a team of application security professionals focused on enabling line of business initiatives through a combination of risk-appropriate centralized services and localized execution.

The Application Security Engineer will work closely with agile software development teams to provide guidance through training, threat modeling, code reviews, and testing. Responsibilities can include, but are not limited to:

  • Deliver relevant application security training to development teams
  • Identify emerging vulnerabilities, risks, and threats during design iterations and provide appropriate countermeasures and backlog security stories
  • Review open source and proprietary code
  • Test new features and builds during agile sprints
  • Prevent security issues in production
  • Monitor developments within the application security industry to ensure internal policies, procedures, tools, and training reflect current trends and methods such as those published by OWASP
  • Mentor development team members and other application security team members as needed
  • Build custom tools, scripts, libraries, and platforms
  • Collaborate with other information security teams in the evaluation, development, implementation, communication, operation, monitoring and maintenance of security policies and procedures to promote a secure and innovative environment

Basic Qualifications
  • Bachelor's degree or military experience
  • At least 4 years of experience developing on web, mobile, and API platforms
  • At least 4 years assessing and securing iOS and Android mobile apps
  • At least 4 years assessing and securing REST and SOAP APIs
  • At least 4 years assessing and securing web applications
  • At least 4 years reviewing source code and using security testing tools
  • At least 2 years delivering application security training to developers
  • At least 2 years threat modeling web and mobile applications
  • At least 2 years working in an agile SDLC

Preferred Qualifications
  • 1 year experience using agile security testing frameworks BDD-Security or Gauntlt
  • 1 year experience integrating security into DevOps pipelines
  • 1 year experience with Java
  • 1 year experience with Node.js
  • 1 year experience with Python
  • 1 year experience with Golang
  • 1 year experience with Objective-C and Swift
  • 1 year experience with CSSLP
  • 1 year experience with CISSP
  • 1 year experience with CEH
  • 1 year experience with OSCP

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.
