Sign In
 [New User? Sign Up]
Mobile Version

Application Security Engineer

Capital One


Location:
Vienna, VA
Date:
08/23/2017
2017-08-232017-09-21
Job Code:
capitalone2-R31905
Categories:
  • Engineering
  •  
  • Save Ad
  • Email Friend
  • Print
  • Research Salary

Job Details

Company Capital One

Job Title: Application Security Engineer

JobID: capitalone2-R31905

Location: Vienna, VA, 22180, USA

Description: Towers Crescent (12066), United States of America, Vienna, Virginia



At Capital One, we’re building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.



Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.



Application Security Engineer



**Application Security Engineer – Digital Trust**



Capital One (yes, the “what’s in your wallet?” company!) is rethinking the way the world approaches banking. We’re experimenting, innovating, and delivering breakthrough experiences at https://youtu.be/YWHZOx0YTc0 for 65 million customers. We love to be curious, to dream, and ask “What if?” Oh, and we love to write code at https://developer.capitalone.com/ , and not to brag, but we’re also a great place to work! at http://beta.fortune.com/best-companies/capital-one-financial-corporation-17



As a member of a technology team working on an innovative digital product under the Capital One Technology Fellows Program, the Application Security Engineer will join a team of application security professionals focused on ensuring data safety and system security for an innovative, new digital product. The Application Security Engineer will work closely with agile software development teams building the product as well as the security and compliance engineers from the company-wide units to design, automate and execute security threat modeling, code reviews, and vulnerability testing. Security for us is not an afterthought but an integral part of the engineering process. As such, application security engineering team is involved at each stage of the application built-out and has a significant voice in the architecture and implementation of the solution.



Responsibilities can include, but are not limited to:



+ Deliver relevant application security training and mentorship to development teams.

+ Participate in and lead solution design of critical parts of the application, especially the ones related to data encryption and storage at rest and in transit.

+ Identify emerging vulnerabilities, risks, and threats during design iterations and provide appropriate countermeasures and backlog security stories

+ Review and test open source and proprietary code

+ Test new features and builds during agile sprints

+ Prevent security issues in production

+ Monitor developments within the application security industry to ensure internal policies, procedures, tools, and training reflect current trends and methods such as those published by OWASP

+ Build custom tools, scripts, libraries, and platforms to test security and improve security.

+ Collaborate with other information security teams in the evaluation, development, implementation, communication, operation, monitoring and maintenance of security policies and procedures to promote a secure and innovative environment



**Basic Qualifications**



+ Bachelor’s degree or military experience

+ At least 3 years of professional software development experience

+ At least 5 years of security program management experience, covering activities like penetration testing, static analysis, and dynamic testing policies and procedures.

+ At least 5 years of experience evaluating and addressing security vulnerabilities with iOS (Swift, Objective-C), Android (Java) apps and their server side API’s.

+ At least 5 years of experience with mobile app hacking tools.

+ At least 5 years of experience securing open APIs and web applications over HTTP.

+ At least 5 years of experience in data encryption and data storage safety at rest and in transit, for large scale applications.

+ At least 5 years of experience assessing and securing iOS and Android mobile apps

+ At least 5 years of experience reviewing source code for security and administering large-scale security testing, including various types of penetration testing.

+ At least 5 years of experience in threat modeling web and mobile applications



**Preferred Qualifications**



+ At least 5+ years of experience in securing data storage systems with distributed usage patterns

+ At least 1+ years of experience with distributed identity systems

+ At least 1+ years of experience securing microservice architecture systems

+ At least 1+ years of experience securing highly sensitive systems for the federal government and/or financial institutions

+ At least 3+ years of experience with security-related NIST, PCI and HIPAA/HITECH provisions.

+ At least 1+ years of experience with Golang, Node, Java, Objective-C, Swift and Python.

+ At least 1+ years of experience with CSSLP, CISSP, CEH and OSCP.



**What to Expect**



The Digital Products Engineering team is responsible for building consumer web and mobile applications. Our award-winning apps enable our 45 million customers to manage their data and finances. The apps are also mobile e-commerce platforms, enabling new customer and account origination.



Protecting our customer's sensitive financial and personal information is our top priority. We are looking for someone to continue to push the state-of-the-art in web and mobile application security and to integrate these solutions into our best-in-class applications. Our goal is to provide the best possible customer experience, and we will settle for nothing less. If Diffie–Hellman key exchange is your thing, and you quote Shannon at dinner parties - then please get in touch with us!



**Responsibilities:**



+ Driving and iterating on a web and mobile application security program, working closely with several development teams to integrate security practices into a number of applications throughout the agile development cycle.

+ Work continuously with product, design, & engineering teams to identify application security requirements as applications continue to grow and evolve.

+ Grow and provide SME level leadership in iOS and Android mobile client and API security.

+ Collaborating with other security & risk organizations within the company to develop the mobile application security strategy.

+ Evaluating application development and implementation activities for vulnerabilities and perform penetration testing.

+ Monitoring new security trends, tools, & technologies.

+ Develop and maintain relationships with vendors and 3rd party partners.

+ Manage stakeholders through regular meetings, communication, and presentations.

+ Recruit new engineering security talent and represent the Capital One brand through conference speaking and public writing



At this time, Capital One will not sponsor a new applicant for employment authorization for this position.



At Capital One, we’re building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.                                               


Powered By

Featured Employers

Featured Jobs

CareerConnection Video