Senior Application Security Engineer - APIs
Are you passionate about finding vulnerabilities in web APIs and software systems, with the goal of making them more secure? Do you enjoy designing end-to-end security for large-scale, API-driven platforms? Is securing data storage systems with distributed usage patterns your passion? Is Diffie–Hellman key exchange your thing, and do you quote Shannon at dinner parties (you can tell us)? If you have answered most of these questions with a “yes”, then you have found the right place for the next step in your career.
Capital One (yes, the “what’s in your wallet?” company!) is rethinking the way the world approaches banking. We’re experimenting, innovating, and delivering breakthrough experiences for 65 million customers. We love to be curious, to dream, and ask “What if?” Oh, and we love to write code, and not to brag, but we’re also a great place to work!
The person we are looking for:
- Experience in mentoring teams
- Participates in and leads solution design of critical parts of the application, especially the ones related to data encryption and storage at rest and in transit.
- Identifies emerging vulnerabilities, risks, and threats during design iterations and provide appropriate countermeasures and backlog security stories
- Reviews and tests open source and proprietary code
- Monitors developments within the application security industry to ensure internal policies, procedures, tools, and training reflect current trends and methods such as those published by OWASP
- Builds custom tools, scripts, libraries, and platforms to test security and improve security.
- Is an excellent communicator who deeply values enabling and assisting their team members.
- At least 5 total years of professional software development experience
- At least 3 years of experience securing open APIs and web applications over HTTP.
- Experience in securing data storage systems with distributed usage patterns
- Experience with mobile app hacking tools
- Experience with distributed identity systems
- Experience securing microservice architecture systems
- Experience securing highly sensitive systems for the federal government financial institutions
- Experience of security-related NIST, PCI and HIPAA/HITECH provisions.
- Experience with Golang, Node, Java, Objective-C, Swift and Python.
- Experience with CSSLP, CISSP, CEH and OSCP.
Job ID R45919