Lead Directory Security Engineer

    • Plano, TX

1 Broadway (21026), United States of America, Cambridge, Massachusetts

At Capital One, we're building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

Lead Directory Security Engineer

Do you have expert level experience securing Active Directory, Azure Active Directory, AWS Microsoft AD, Google Cloud Directory, LDAP or other directory platforms? Do you have a desire to lead a team that works on exciting leading edge technologies and designs solutions for complex on-premises and cloud-based Directory security challenges? If so, then this opportunity might be for you.

Capital One is seeking an expert level Lead Directory Security Engineer and People Manager within the Identity and Access Management organization to to lead, manage, and mentor a team of engineers responsible for securing Capital One's enterprise Directory Services environment that includes Active Directory, Azure Active Directory, AWS Microsoft Active Directory, and Google Cloud Domain Directory.

Candidates for this role should have expert level knowledge and experience in securing complex enterprise level Active Directory environments and have a passion for risk assessment and mitigation, learning new cloud based technologies, and driving automated and efficient solutions to complex problems.

This is a people manager role and candidates should be experienced managing teams and be a hands-on technical expert in Active Directory security, be self-motivated, and be able to work well in a fast paced, results focused, geographically dispersed team environment.


  • Manage a team of engineers responsible for the security of Capital One's enterprise Active Directory environment including on-premise and cloud environments from AWS, Microsoft, and Google
  • Provide leadership during the analysis, troubleshooting, and investigation of security related events within the Active Directory platforms
  • Recommend information security technologies and procedures by proactively identifying problems and evaluating industry trends
  • Ensure the Directory Services roadmap aligns with security initiatives, business needs, and forward looking requirements
  • Manage quarterly security audits and ensure the Active Directory environment adheres to security and compliance settings
  • Prepare security metrics and socialize to leadership on a monthly basis
  • Be the project lead or participate as a team member on certain projects within or across technology and business teams
  • Be the product owner for third-party tools from Microsoft, Quest, and StealthBITS to protect the environment and monitor for security breaches, intrusions and irregular system behavior
  • Partner with our CyberSecurity organization to translate risks and requirements into implemented technology solutions
  • Ensure that Active Directory security aligns with the corporate Information Security Standards and IAM Procedures
  • Participate in the evaluation, development, and implementation of security standards and best practices for Active Directory and recommend security enhancements to management as needed
  • Educate team members on information security through training and increased awareness

Key Terms: Active Directory, Windows, Microsoft, Azure, AzureAD, AWS, Google Cloud, Powershell, IAM, Directory Services, LDAP, Security, Compliance

Basic Qualifications:
  • Bachelor's Degree
  • At least 5 years of experience with Active Directory
  • At least 3 years experience securing enterprise level Active Directory environments
  • At least 3 years of experience preventing Active Directory credential theft attacks (Pass the Hash, Golden Ticket or lateral movement)
  • At least 3 years of experience with Group Policy Objects, Security Log Analysis and Delegation of Permissions
  • At least 2 years of experience generating reports against Active Directory
  • At least 2 years of people management and leading a technical team

Preferred Qualifications:
  • Bachelor's or Master's degree in Computer Science, Information Systems, Engineering, or similar fields
  • 3+ years of experience developing complex scripts in PowerShell, VBScript, JavaScript, Python or other languages to develop automated solutions
  • 2+ years of experience supporting Active Directory in a cloud hosted environment from AWS, Microsoft, or Google
  • 2+ years of experience with Windows Server 2012 or 2016 Active Directory
  • Possess an industry recognized information security certificate such as CISSP, CISM, CEH, or similar

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

Capital One is a nationally recognized and high-tech business banking company, offering better customized consumer and commercial lending and deposit financial services.

Capital One Company Image

Back to top