As a Mainframe Security Engineer, you will:
Optimize cybersecurity program processes and output.
Contribute to the broader program roadmap.
Drive reporting accuracy and demand excellence in department deliverables.
Actively manage and escalate risk and customer-impacting issues within the day-to-day role to management.
Manage and execute cybersecurity risk assessments using qualitative and quantitative methodologies to support the organization's overall security posture.
Maintain an awareness of emerging cybersecurity threats by analyzing and reporting on cybersecurity risk against various Cybersecurity Frameworks (NIST CSF, NIST 800-53, PCI DSS).
Perform in-depth analysis of security issues and vulnerabilities using tools including WhiteHat, Veracode, and Qualys to ensure compliance with audit, regulatory and legal requirements.
Design metrics and develop advanced capabilities to ensure confidentiality, integrity, availability, authentication, and non-repudiation to communicate elevated risk in a business-friendly manner to Cybersecurity Leadership and 2nd line partners.
Proactively identify and report control deficiencies as issues within action plans.
Conduct strategic and operational effectiveness assessments as required for cyber events, and regulatory and audit reviews.
Utilize ServiceNow and Cyber Risk System for risk management and risk remediation, processing potential security exceptions and/or risk acceptances against established security policies and standards.
Gather and challenge data, evidence, or statuses for accuracy to achieve initiative and risk mitigation completion.
Basic Qualifications:
High School Diploma, GED, or equivalent certification
At least 3 years of experience working in cybersecurity or information technology
At least 3 years of experience in Mainframe Security Risk Assessment & Remediation
Preferred Qualifications:
Bachelor's Degree
6+ years in Identity and Access Management
4+ years of experience in RACF Administration (z/OS 2.1 and above)
4+ years of experience issuing RACF and Top Secret Commands & Diagnostic Expertise
4+ years of Privilege Access Management (CyberArk, SailPoint IIQ)
GIAC
CISSP
At this time, Capital One will not sponsor a new applicant for employment authorization, or offer any immigration-related support for this position (i.e. H1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN, or another type of work authorization).
The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked.
McLean, VA: $161,800 - $184,600 for Prin Assoc, Cyber Technical
Plano, TX: $147,100 - $167,900 for Prin Assoc, Cyber Technical
Richmond, VA: $147,100 - $167,900 for Prin Assoc, Cyber Technical
Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter.
This role is also eligible to earn performance-based incentive compensation, which may include cash bonus(es) and/or long-term incentives (LTI). Incentives could be discretionary or non-discretionary depending on the plan.
Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at the Capital One Careers website. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.
This role is expected to accept applications for a minimum of 5 business days.