Senior Manager, Application Security Penetration Tester

Towers Crescent (12066), United States of America, Vienna, Virginia

At Capital One, we're building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

Are you passionate about finding vulnerabilities in web APIs and software systems, with the goal of making them more secure? Do you enjoy designing end-to-end security for large-scale, API-driven platforms? Is securing data storage systems with distributed usage patterns your passion? Is Diffie-Hellman key exchange your thing, and do you quote Shannon at dinner parties (you can tell us)? If you have answered most of these questions with a "yes", then you have found the right place for the next step in your career.

Capital One (yes, the "what's in your wallet?" company!) is rethinking the way the world approaches banking. We're experimenting, innovating, and delivering breakthrough experiences for 65 million customers. We love to be curious, to dream, and ask "What if?" Oh, and we love to write code, and not to brag, but we're also a great place to work!

The person we are looking for:

  • Experience in mentoring teams
  • Participates in and leads solution design of critical parts of the application, especially the ones related to data encryption and storage at rest and in transit.
  • Identifies emerging vulnerabilities, risks, and threats during design iterations and provides appropriate countermeasures and backlog security stories
  • Reviews and tests open source and proprietary code
  • Monitors developments within the application security industry to ensure internal policies, procedures, tools, and training reflect current trends and methods such as those published by OWASP
  • Builds custom tools, scripts, libraries, and platforms to test and improve security.
  • Is an excellent communicator who deeply values enabling and assisting their team members.

Basic Qualifications
  • At least 8 total years of professional software development experience
  • At least 4 years of experience securing open APIs and web applications over HTTP.

Preferred Qualifications
  • Experience in securing data storage systems with distributed usage patterns
  • Experience with mobile app hacking tools
  • Experience with distributed identity systems
  • Experience securing microservice architecture systems
  • Experience securing highly sensitive systems for the federal government financial institutions
  • Experience of security-related NIST, PCI and HIPAA/HITECH provisions.
  • Experience with Golang, Node, Java, Objective-C, Swift and Python.
  • Experience with CSSLP, CISSP, CEH and OSCP.

What to Expect

The Digital Products Engineering team is responsible for building consumer web and mobile applications. Our award-winning apps enable our 45 million customers to manage their data and finances. The apps are also mobile e-commerce platforms, enabling new customer and account origination.

Protecting our customers' sensitive financial and personal information is our top priority. We are looking for someone to continue to push the state of the art in web and mobile application security and to integrate these solutions into our best-in-class applications. Our goal is to provide the best possible customer experience, and we will settle for nothing less.

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.
