Sign In
 [New User? Sign Up]
Mobile Version

Application Security Open Source - Senior Associate

Capital One


Location:
Richmond, VA
Date:
07/26/2017
2017-07-262017-08-24
Job Code:
capitalone2-R25203
Categories:
  • Management
  •  
  • Save Ad
  • Email Friend
  • Print
  • Research Salary

Job Details

Company Capital One

Job Title: Application Security Open Source - Senior Associate

JobID: capitalone2-R25203

Location: Richmond, VA, 23261, USA

Description: 7900 Westpark Drive (12131), United States of America, Tysons, Virginia



At Capital One, we’re building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.



Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.



Application Security Open Source - Senior Associate



Capital One is a diversified bank that offers a broad array of financial products and services to consumers, small business and commercial clients. Capital One is one of the nation’s top 10 banks and has one of the most widely recognized brands in America. We nurture a work environment where people with a variety of thoughts, ideas and backgrounds, guided by our shared Values, come together to make Capital One a great company and a great place to work.



Capital One's Application Security Program ensures appropriate controls are built into software throughout the development lifecycle and tests to ensure those controls are effectively implemented in our applications. The Application Security (App Sec) Process Specialist will be responsible for managing the day-to-day execution of App Sec tasks, to support various program level activities for App Sec and specifically support the vision of the Application Security’s Open Source and Code Review capabilities.



Job responsibilities



+ Review Open Source Contributions made by Capital One employees to assess for security vulnerabilities

+ Review Open Source Intake requests being used by the Capital One community

+ Collaborate with Application Owners and Systems Teams to onboard applications for automated source code and binary reviews using enterprise-class static analysis platform

+ Troubleshoot integrations, facilitate support and results review requests from teams, helping to triage flaws and drive mitigation of identified risks

+ Lead process improvement activities to streamline processes and improve quality

+ Evaluate application security controls evidenced through static analysis against policy and standards

+ Build and maintain relationships with Risk, Technical and Systems Leads

+ Support reporting for application enrollment and Open Source remediation

+ Stay abreast of new security technologies and integrate into process when appropriate



Roles, skills, and attributes



+ Strong, proven problem-solving skills and ability to identify, analyze, and resolve problems, driving work through to completion

+ Demonstrated ability to work effectively with a team, delivering high performance and customer satisfaction

+ Demonstrated ability to work effectively in a professional environment that values open communication

+ Energy and a clear passion for the role

+ Demonstrated personal values aligned with the corporate values

+ Excellent written and verbal business English

+ Demonstrated desire to attain certifications and training in Information Security and Application Security

+ Strong communication skills with the ability to manage responsibilities across multiple areas

+ Ability to translate technical security vulnerabilities into business risk/impact to applications

+ Strong problem-solving and conceptual thinking abilities



Basic Qualifications:



+ Bachelor’s degree in Computers Science, Information Security or Military Experience

+ At least 3 years of experience in application development like Java, C, iOS, Droid, Ruby or Python

+ At least 1 year in information security developing a security product or responsibility for delivery of security functionality within an application



Preferred Qualifications:



+ Thorough understanding of OWASP Top 10, SANS Top 25 and secure coding techniques to avoid known cross-language as well as platform-specific weaknesses

+ Contributor to Open Source Project and familiarity with Open Source Software development toolchain and release cycle

+ Experience with static analysis tools and flaw triage such as HP Fortify, IBM Rational, Veracode or Coverity, FindBugs, FindSecurityBugs, Brakeman and Open Source scanning tools such as Sonatype CLM

+ Experience with dynamic scanners (WebInspect preferred)

+ Experience with Java security frameworks (Spring Security, JAAS, or Apache Shiro)

+ Working knowledge of and experience with at least one DevOps tool: Eclipse, Subversion, Hudson, Nexus, or HP ALM

+ Certifications: OSCP, CISSP, CSSLP, CISA, CEH, SANS or Cloud computing



**At this time, Capital One will not sponsor a new applicant for employment authorization for this position**



At Capital One, we’re building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.                                               


Featured Employers

Featured Jobs

CareerConnection Video