Application Security – Senior Manager

Recruiting: TX - Plano, United States of America, Plano, Texas

At Capital One, we're building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

Security is essential to what we do at Capital One, from protecting our customers to protecting our associates. As an AppSec team member, you are passionate about security and risk management. You see security as an enabler and differentiator that supports the business through innovation, not a step in the compliance process.

At Capital One, you will test applications (web apps, mobile apps, APIs, static code, open source, etc.) to help ensure they are built securely. You will use automated and manual testing techniques (static and dynamic) to find issues and then work with developers to close them. You get excited about security and are proud when you find and close issues. You are pragmatic and practical in your understanding of risk and security, and you know when to pull in experts and escalate. You collaborate and innovate with other security groups within Capital One. You are willing to put in the time and effort to learn about the field and enhance your skillset. You are ambitious, thoughtful, and self-motivated, and you want to develop solutions to unique technical challenges.

Responsibilities:

  • Provide direct management and day-to-day task oversight of a team of AppSec penetration testers
  • Conduct continuous performance management activities for direct reports
  • Serve as the AppSec divisional lead for a designated Line of Business (LOB) to ensure proper integration of application security
  • Develop and maintain a deep understanding of the risks and applications within the designated LOB
  • Provide general AppSec consulting to development teams to empower them to build secure applications
  • Review test reports produced by internal and third-party resources for accuracy and comprehensiveness
  • Offer detailed, thoughtful, and business-aware remediation recommendations to stakeholders
  • Contribute to the build out and enhancement of the dynamic application security program at Capital One
  • Provide guidance and mentoring to a geographically dispersed team
  • Perform manual web and mobile application security assessments using Capital One's testing framework and methodology
  • Perform automated web application security testing using Capital One tools (HP WebInspect, Fortify, Burp, Checkmarx, NowSecure, etc.)
  • Have an understanding of the Agile development methodology
  • Promote security awareness by participating in Agile Release Trains
  • Teach internal application security trainings tailored to various audiences (e.g. internal App Sec team, development teams)

About You:

  • You are passionate about information security and take your personal time to investigate and develop your skills in this field
  • You work well in a dynamic and changing environment
  • You have excellent communication skills and can present effectively to executive leadership
  • You have excellent leadership skills and the desire to lead a team of talented AppSec professionals
  • You have exceptional judgement and decision-making skills
  • You have excellent problem solving, critical thinking, and analytic skills
  • You can effectively work with your peers to collaborate and share experiences
  • You are a demonstrated leader with team-oriented interpersonal skills and the ability to interface effectively with a broad range of people and roles, including upper management, IT leaders, and technology vendors

Basic Qualifications:

  • A Bachelor's Degree, or military experience
  • At least 2 years of experience managing or leading a security test team
  • At least 5 years of experience performing manual application penetration tests
  • At least 5 years of exposure to OWASP Top 10
  • At least 5 years of experience with common application testing tools: Burp, ZAP, WebInspect, AppScan, NowSecure or MobSF

Preferred Qualifications:

  • 2 years of experience with mobile application security testing
  • 2 years of Information Security experience supporting the Financial Services sector
  • 2 years of experience developing in one or more of the following languages: Go, Swift, Objective-C, Java or .NET
  • A certification in the field of Information Security: CISSP, CISM, CEH, GIAC CPEN, OSCP, OSWE, CWAPT, GWAPT or GWEB

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

No agencies please. Capital One is an Equal Opportunity Employer committed to diversity in the workplace. All qualified applicants will receive consideration for employment without regard to sex, race, color, age, national origin, religion, physical and mental disability, genetic information, marital status, sexual orientation, gender identity/assignment, citizenship, pregnancy or maternity, protected veteran status, or any other status prohibited by applicable national, federal, state or local law. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.

If you require an accommodation to apply for a job or to perform a job, please contact Capital One Recruiting at 1-800-304-9102 or
