Application Security Engineer, Manager
Plano, Texas
January 20, 2017
Plano Town Center (31064), United States of America, Plano, Texas

Information Security Officer - Application Security – Manager

Capital One is a diversified bank that offers a broad array of financial products and services to consumers, small business and commercial clients.  Ranked #124 on the Fortune 500, Capital One is one of the nation’s top 10 banks and has one of the most widely recognized brands in America.  We nurture a work environment where people with a variety of thoughts, ideas and backgrounds, guided by our shared values, come together to make Capital One a great company and a great place to work.

Security is essential to what we do at Capital One, from protecting our customers to our associates.  As an Application Security subject matter expert, you are passionate about security and risk management.  You see security as an enabler and differentiator that helps the business innovate, not a step in the compliance process. You work with the business to understand their goals and objectives and help them meet those goals and objectives in a secure manner. At Capital One, you will help consult on initiatives, programs, and projects to raise their game in Information Security and Risk Management.  You will ensure Capital One applications are built with security at the forefront.  You are pragmatic and practical in your understanding of risk and security, and you know when to pull in experts and escalate. You collaborate and innovate with other security groups within Capital One to push the envelope.  You will lead a team of dynamic and talented Information Security individuals who want to learn from your experience and skills.


  • Provide ad-hoc penetration testing and retesting support
  • Review application penetration test findings with the application owner and work to eliminate or remediate risks associated with those findings
  • Teach web application security trainings for web developers that cover common vulnerabilities
  • Champion the adoption of Application Security testing tools and procedures
  • Maintain a deep understanding of Capital One’s Application Security Framework
  • Understand and communicate Application Security Best Practices and Secure Application Development
  • Work closely with business Agile teams to promote secure code development by providing security requirements throughout the development process
  • Act as a central point of contact for your line of business to the rest of Capital One’s Information Security, Fraud and Compliance teams
  • Integrate security tools for dynamic and static testing, Information Security Standards and processes, into the product or application lifecycle
  • Integrate threat modeling practices into the product life cycle
  • Promote security awareness by participating in Agile Release Trains and daily S2s
  • Support Vendor Security activities to ensure 3rd party software, including mobile applications, and development meet Capital One Information Security standards
  • Regularly review Capital One Security Metrics, report the state of application security against Capital One Standards, and communicate that information to the Application Owner
  • Ensure new applications are accounted for and enrolled in the Application Security Process
  • Influence customers to leverage security offerings, and escalate to management when concerns arise
  • Provide ad hoc support on special Information Security hot topics for the business
  • Be able to bridge the gap of technical risk and business impact and communicate appropriately to both audiences

About You:

  • You have excellent communication and presentation skills to executive leadership
  • You have excellent problem solving, critical thinking, and analytic skills
  • You can effectively work with your peers to collaborate and share experiences
  • You are able to work well under minimal supervision
  • You are a demonstrated leader with team-oriented interpersonal skills and the ability to interface effectively with a broad range of people and roles, including upper management, IT leaders, and technology vendors

Basic Qualifications:

  • High School Diploma, GED, or equivalent certification
  • At least 3 years of experience managing and/or consulting in Information Security
  • At least 3 years of exposure to OWASP Top 10, CWE/SANS 25, or WASC TV2
  • At least 3 years of experience performing manual penetration tests
  • At least 3 years of experience with common web application testing tools: BURP, ZAP, WebInspect, AppScan, Fortify
  • At least 2 years of experience with performing risk assessments, secure network architecture, and vulnerability management
  • At least 2 years of experience coding web applications
  • At least 2 years of experience remediating web application vulnerabilities

Preferred Qualifications:

  • At least 4 years of Information Security experience supporting the Financial Services sector
  • At least 5 years of experience manually pen testing web applications
  • At least one year of experience in Cloud Security
  • At least one year of experience in performing Application Security for Agile environments
  • Certification in the field of Information Security (CISSP, CISM, CEH, GIAC CPEN, OSCP, OSWE, CWAPT, GWAPT, GWEB)

Primary Location: Plano, TX

At this time, Capital One will not sponsor a new applicant for employment authorization for this position. 

A little about us:
Headquartered in McLean, Virginia, Capital One® offers a broad array of financial products and services to consumers.
