Application Security - Senior Manager

Capital One Financial

Tysons Corner, VA

Industry: Accounting, Finance & Insurance


5 - 7 years

Posted 176 days ago

This job is no longer available.

Capital One is a diversified bank that offers a broad array of financial products and services to consumers, small business and commercial clients. Capital One is one of the nation’s top 10 banks and has one of the most widely recognized brands in America. We nurture a work environment where people with a variety of thoughts, ideas and backgrounds, guided by our shared Values, come together to make Capital One a great company and a great place to work.

Capital One's Application Security Program ensures appropriate controls are built into software throughout the development lifecycle and tests to ensure those controls are effectively implemented in our applications. The Application Security (App Sec) Process Specialist will be responsible for managing the day-to-day execution of App Sec tasks to support various program-level activities for App Sec, and specifically to support the vision of Application Security’s Open Source and Code Review capabilities.

Job responsibilities

  • Review Open Source Contributions made by Capital One employees to assess for security vulnerabilities
  • Review Open Source Intake requests being used by the Capital One community
  • Collaborate with Application Owners and Systems Teams to onboard applications for automated source code and binary reviews using an enterprise-class static analysis platform
  • Troubleshoot integrations, facilitate support and results review requests from teams, helping to triage flaws and drive mitigation of identified risks
  • Lead process improvement activities to streamline processes and improve quality
  • Evaluate application security controls evidenced through static analysis against policy and standards
  • Build and maintain relationships with Risk, Technical and Systems Leads
  • Support reporting for application enrollment and Open Source remediation
  • Stay abreast of new security technologies and integrate into process when appropriate

Roles, skills, and attributes

  • Strong, proven problem-solving skills and ability to identify, analyze, and resolve problems, driving work through to completion
  • Demonstrated ability to work effectively with a team, delivering high performance and customer satisfaction
  • Demonstrated ability to work effectively in a professional environment that values open communication
  • Energy and a clear passion for the role
  • Demonstrated personal values aligned with the corporate values
  • Excellent written and verbal business English
  • Demonstrated desire to attain certifications and training in Information Security and Application Security
  • Strong communication skills with the ability to manage responsibilities across multiple areas
  • Ability to translate technical security vulnerabilities into business risk/impact to applications
  • Strong problem-solving and conceptual thinking abilities

Basic Qualifications:

  • Bachelor’s degree in Computer Science, Information Security or Military Experience
  • At least 5 years of experience in application development, such as Java, C, iOS, Droid, Ruby or Python
  • At least 2 years in information security developing a security product or responsibility for delivery of security functionality within an application

Preferred Qualifications:

  • 3 years of experience in OWASP Top 10, SANS Top 25 and secure coding techniques to avoid known cross-language as well as platform-specific weaknesses
  • 1 year of experience as a contributor to an Open Source project and familiarity with the Open Source Software development toolchain and release cycle
  • 3 years of experience with static analysis tools and flaw triage such as HP Fortify, IBM Rational, Veracode or Coverity, FindBugs, FindSecurityBugs, Brakeman and Open Source scanning tools such as Sonatype CLM
  • 2 years of experience with dynamic scanners like WebInspect
  • 3 years of experience with Java security frameworks like Spring Security, JAAS, or Apache Shiro
  • Certifications: OSCP, CISSP, CSSLP, CISA, CEH, SANS or Cloud computing

Job ID R47576