Application Security - Senior Manager

7900 Westpark Drive (12131), United States of America, Tysons, Virginia

At Capital One, we're building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

Capital One is a diversified bank that offers a broad array of financial products and services to consumers, small business and commercial clients. Capital One is one of the nation's top 10 banks and has one of the most widely recognized brands in America. We nurture a work environment where people with a variety of thoughts, ideas and backgrounds, guided by our shared Values, come together to make Capital One a great company and a great place to work.

Capital One's Application Security Program ensures appropriate controls are built into software throughout the development lifecycle and tests that those controls are effectively implemented in our applications. The Application Security (App Sec) Process Specialist will be responsible for managing the day-to-day execution of App Sec tasks, supporting various program-level activities for App Sec, and specifically supporting the vision of Application Security's Open Source and Code Review capabilities.

Job responsibilities

  • Review Open Source Contributions made by Capital One employees to assess for security vulnerabilities
  • Review Open Source Intake requests being used by the Capital One community
  • Collaborate with Application Owners and Systems Teams to onboard applications for automated source code and binary reviews using an enterprise-class static analysis platform
  • Troubleshoot integrations, facilitate support and results review requests from teams, helping to triage flaws and drive mitigation of identified risks
  • Lead process improvement activities to streamline processes and improve quality
  • Evaluate application security controls evidenced through static analysis against policy and standards
  • Build and maintain relationships with Risk, Technical and Systems Leads
  • Support reporting for application enrollment and Open Source remediation
  • Stay abreast of new security technologies and integrate into process when appropriate

Roles, skills, and attributes
  • Strong, proven problem-solving skills and ability to identify, analyze, and resolve problems, driving work through to completion
  • Demonstrated ability to work effectively with a team, delivering high performance and customer satisfaction
  • Demonstrated ability to work effectively in a professional environment that values open communication
  • Energy and a clear passion for the role
  • Demonstrated personal values aligned with the corporate values
  • Excellent written and verbal business English
  • Demonstrated desire to attain certifications and training in Information Security and Application Security
  • Strong communication skills with the ability to manage responsibilities across multiple areas
  • Ability to translate technical security vulnerabilities into business risk/impact to applications
  • Strong problem-solving and conceptual thinking abilities

Basic Qualifications:
  • Bachelor's degree in Computer Science, Information Security or Military Experience
  • At least 5 years of experience in application development in languages and platforms like Java, C, iOS, Droid, Ruby or Python
  • At least 2 years in information security developing a security product or with responsibility for delivery of security functionality within an application

Preferred Qualifications:
  • 3 years of experience in OWASP Top 10, SANS Top 25 and secure coding techniques to avoid known cross-language as well as platform-specific weaknesses
  • 1 year of experience as a contributor to an Open Source project and familiarity with the Open Source Software development toolchain and release cycle
  • 3 years of experience with static analysis tools and flaw triage such as HP Fortify, IBM Rational, Veracode or Coverity, FindBugs, FindSecurityBugs, Brakeman and Open Source scanning tools such as Sonatype CLM
  • 2 years of experience with dynamic scanners like WebInspect
  • 3 years of experience with Java security frameworks like Spring Security, JAAS, or Apache Shiro
  • Certifications: OSCP, CISSP, CSSLP, CISA, CEH, SANS or Cloud computing

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.
