Open Source Automation Engineer--Threat Modeling

7900 Westpark Drive (12131), United States of America, Tysons, Virginia

At Capital One, we're building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

Open Source Automation Engineer--Threat Modeling

Security is essential to what we do at Capital One, from protecting our customers to our associates. In Capital One security is an enabler to support the business goals through innovation, not a step in the compliance process. Capital One is implementing Threat Modeling as a core discipline to embed cyber controls into our delivery lifecycle. To support this aim Capital One has created an Enterprise Threat Modeling team The successful candidate will join the Cyber Threat Modeling team which will be responsible for the delivery of repeatable processes, tools, databases and artifacts to support the business create, own and maintain Threat Models.

Some example deliverables of the team will be:

  • Partner closely with senior stakeholders throughout Capital One to establish and grow a Threat Modeling culture
  • Build and execute the enterprise rollout of Threat Modeling
  • Deliver training for Threat Modeling and Threat Model facilitation
  • Develop common tools to support the Threat Modeling as a service
  • Integrate Threat Modeling with next generation architecture such as Machine Learning
  • Use data driven processes to provide insight into emerging threats and exposure
  • Use Agile methodologies to incrementally add value to existing features

  • Driving the adoption of Threat Modeling throughout Capital One
  • Working with varied stakeholders to provide threat modeling training
  • Coaching and mentoring of application owners, users and delivery teams with respect to Threat Modeling
  • Development of a common toolset for enterprise adoption that allows sharing and reuse of knowledge and models
  • Define, create and report on KPI's to measure effectiveness and maturity of Threat Modeling at various levels within the Enterprise
  • Lead community activities to create a Threat Modeling culture at all levels of the organization
  • Represent Capital One Threat Modeling program at external events
  • Review and critically appraise market research to identify new tools, technologies and frameworks that could improve security and data governance posture
  • Engage with vendors and external special interest groups to determine future direction

  • Have experience with cloud technology and security
  • Love to build awesome products
  • Demonstrate strong stakeholder management skills
  • Possess hands on Agile organizational and delivery skills
  • Demonstrate personal evidence of technical implementation experience

Basic Qualifications:
  • Bachelor's degree or military experience
  • At least 1 year of experience implementing Threat Modeling as a program
  • At least 2 years of open source engineering experience

Preferred Qualifications:
  • Cloud certification, specifically AWS, GCP, Microsoft Azure
  • Certification in one or more of the following: CISSP, CISM, CISA, CRISC, ISEB
  • Experience of training and facilitation
  • Experience with Machine Learning

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

Back to top