Cyber Threat Modeling Engineer

7900 Westpark Drive (12131), United States of America, Tysons, Virginia

At Capital One, we're building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

Cyber Threat Modeling Engineer

Capital One is a diversified bank that offers a broad array of financial products and services to consumers, small business and commercial clients. Ranked #100 on the Fortune 500, Capital One is one of the nation's top 10 banks and has one of the most widely recognized brands in America. We nurture a work environment where people with a variety of thoughts, ideas and backgrounds, guided by our shared values, come together to make Capital One a great company and a great place to work.

Security is essential to what we do at Capital One, from protecting our customers to our associates. As part of the Cyber team, you are passionate about security and risk management. You see security as an enabler and differentiator to enable the business through innovation, not a step in the compliance process. Capital One is implementing Threat Modeling as a core discipline to embed cyber controls into our delivery lifecycle. As such the team will be responsible for training, enabling and supporting threat modeling. The successful candidate will join the Cyber Threat Modeling team which will be responsible for creating and delivering an enterprise program. Some example deliverables of the team will be:

  • Plan and executing the enterprise rollout of Threat Modeling
  • Partnering closely with various of groups of stakeholders throughout Capital One to establish and grow a Threat Modeling culture via community engagement both internally and externally
  • Deliver training for Threat Modeling and Threat Model facilitation
  • Develop common tools to support the Threat Modeling as a service
  • Use data driven processes to provide insight into emerging threats and exposure
  • Use Agile methodologies to incrementally add value to existing features

  • Driving the adoption of Threat Modeling throughout Capital One
  • Working with varied stakeholders to provide threat modeling training
  • Leadership, coaching and mentoring of application owners, users and delivery teams with respect to Threat Modeling
  • Development of a common toolset for enterprise adoption that allows sharing and reuse of knowledge and models
  • Define, create and report on KPI's to measure effectiveness and maturity of Threat Modeling at various levels with the Enterprise
  • Lead community activities to create a Threat Modeling culture at all levels of the organization
  • Represent Capital One Threat Modeling program at external events
  • Review and critically appraise market research to identify new tools, technologies and frameworks that could improve security and data governance posture
  • Engage with vendors and external special interest groups to determine future direction

  • Have practical hands-on experience in information security
  • Have an active interest in Threat Modeling
  • Have experience in a financial or highly regulated environment
  • Have experience of cloud technology and security
  • Demonstrate effective written and verbal communication skills
  • Demonstrate strong stakeholder management skills
  • Possess hands on Agile organizational and delivery skills
  • Demonstrate personal evidence of technical implementation experience

Basic Qualifications:
  • Bachelor's degree or military experience
  • At least 2 years of experience in Threat Modeling

Preferred Qualifications:
  • Cloud certification, specifically AWS, GCP, Microsoft Azure
  • Certification in one or more of the following: CISSP, CISM, CISA, CRISC, ISEB
  • Experience of training and facilitation
  • Technical risk analysis, assessment and mitigation
  • Proficiency in a programming language

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

Back to top