Data Security Analyst - Senior Associate level

7900 Westpark Drive (12131), United States of America, Tysons, Virginia

At Capital One, we're building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

Capital One is looking for a bright, passionate and dedicated individual to join our Insider Threat team. This individual will be responsible for investigative, monitoring, and technical aspects of our Data Loss Prevention (DLP) program and enterprise DLP systems. This role will have an understanding of data protection strategies such as data loss prevention (DLP), endpoint protection, cloud security, database security, and mobile device data protection. A successful candidate must have or be capable of quickly gaining a technical understanding of architecture and environments supported. This position will report to the Senior Manager of the enterprise Data Loss Prevention program and contribute to the overall insider threat operations team.

Job description

As an experienced professional in our Cybersecurity organization, you're equally committed to watching over our data today, as well as finding innovative new ways to protect it in the future. To do that, you'll help lead a highly motivated team laser-focused on analyzing, designing, developing and delivering solutions built to stop adversaries and strengthen our operations. You'll use your leadership skills to give guidance, best practice advice and support across all our business and technology groups. You'll deploy best practices, new policies, and emerging trends to strengthen our strategic roadmap. You'll keep management, executive directors, managing directors and stakeholders in the loop.

As a member of the Cybersecurity team, you'll use your leadership skills to give guidance and risk-aligned advice to support our business and technology groups. The Data Loss Prevention ("DLP") Engineer will design, develop, test, and implement preventative and detective controls to protect the firm from data exfiltration. The Engineer provides operational oversight of the controls in the DLP event monitoring environment including policies, procedures, governance, and integration with Security Information and Event Management ("SIEM") systems. The DLP Engineer is responsible for employing a threat-based approach for designing risk-aligned controls and correlation with relevant risk factors or data points. The DLP Engineer is responsible for evaluating events and trends for purposes of improving risk-alignment and performance tuning and works closely with other IT and business areas to ensure high quality implementation of security controls within the IT infrastructure and operational processes. The candidate must have experience with DLP systems, SIEM and log management technologies.

Primary Responsibilities

  • Develop and implement DLP policies and response actions in cooperation with line of business stakeholders geared toward the business strategic direction
  • Ensures stability and resiliency of Cybersecurity products and services
  • Designs, analyzes, develops and implements DLP monitoring controls
  • Host use case workshops to identify attack vectors and develop monitoring rules to detect data leakage incidents in the environment and appropriate triage procedures
  • Employs approved defense-in-depth principles along the kill chain to eliminate risk and vulnerabilities and improves security controls
  • Capable of performing technical and non-technical (people and operations) risk and vulnerability assessments and supports data loss incident response
  • Leads data loss incident response, risk reviews and vulnerability assessments
  • Executes research and development of proof of concept in line with emerging industry trends
  • Coordinating and conducting event collection, log management, event management, compliance automation, and identity monitoring activities.
  • Use of Symantec DLP and Splunk expertise
  • Advising SOC Managers on best practices and use cases on how to use Symantec DLP to detect events and Splunk to correlate events to achieve end state requirements


This position is anticipated to require the use of one or more High Security Access (HSA) systems. Users of these systems are subject to enhanced screening which includes both criminal and credit background checks, and/or other enhanced screening at the time of accepting the position and on an annual basis thereafter. The enhanced screening will need to be successfully completed prior to commencing employment or assignment.

This role requires a wide variety of strengths and capabilities, including:
  • Excellent command of Cybersecurity organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
  • Ability to identify network attacks and systemic security issues as they relate to threats and vulnerabilities, with focus on recommendations for enhancements or remediation
  • Subject matter expert on DLP policy and response action development
  • Scripting or programming experience in at least 1 object oriented language
  • Able to work independently or in a team to create and optimize data loss detection rules
  • Knowledge of what constitutes a data loss event and the relationship to both threats and vulnerabilities along with the ability to identify systemic security issues
  • 2 years DLP engineering experience with emphasis on security operations, incident management, intrusion detection, firewall deployment and security event analysis.
  • 2 years with SIEM and Log Management technologies specific to Splunk and/or ArcSight.
  • Proficient and proven track record of delivering Cybersecurity products and services within a business domain
  • Solid experience in supporting and improving Cybersecurity and/or technology controls to support the business


Basic Qualifications:
  • BSc of Computer Science, Engineering, or equivalent to military experience
  • At least 2 years of experience developing SIEM alerts and IPS/IDS signatures
  • Certifications: CISSP, CISM, CISA, GIAC


At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

