
Application Security Tester - Manager

Capital One

McLean, VA
Job Code:
  • Financial Services
  • Computers/IT/Technology
  • Banking/Financial Services
  • Internet/New Media

Job Details

Company Capital One

Job Title: Application Security Tester - Manager:

JobID: capitalone2-R19944

Location: McLean, VA, 22106, USA

Description: McLean 1 (19050), United States of America, McLean, Virginia

Application Security Tester - Manager:

Security is essential to what we do at Capital One, from protecting our customers to our associates. As an AppSec team member, you are passionate about security and risk management. You see security as an enabler and differentiator to enable the business through innovation, not a step in the compliance process.

At Capital One, you will work to test applications (web-app, mobile, APIs, static code, open source, etc.) to help ensure they are built securely. You will use automated and manual testing techniques (static and dynamic) to find issues and then work with developers to close them. You get excited about security and are proud when you find and close issues. You are pragmatic and practical in your understanding of risk and security, but also willing to know when to pull in experts and escalate. You collaborate and innovate with other security groups within Capital One to push the envelope. You are willing to put in the time and effort to learn about the field and enhance your skillset. You are ambitious, thoughtful, self-motivated and want to develop solutions to unique technical challenges.


+ Perform manual web application security assessments (web-app, mobile, and API) using Capital One’s testing framework and methodology

+ Perform automated web application security testing using Capital One tools (HP WebInspect, Fortify, Burp, Checkmarx, NowSecure, etc.)

+ Lead and provide guidance to a team of geographically dispersed junior testers

+ Act as a central point of contact for AppSec within your line of business

+ Develop and maintain a deep understanding of the risks and applications within your line of business

+ Provide detailed and thoughtful remediation recommendations

+ Have an understanding of Capital One development methodologies, including Agile development

+ Work closely with business and engineering teams to promote secure code development throughout the development process

+ Promote security awareness by participating in Agile Release Trains

+ Review application penetration test findings with the application owner and collaborate in efforts to eliminate or remediate risks associated with those findings

+ Analyze code for vulnerabilities, and provide secure code examples

+ Teach web application security trainings that cover common vulnerabilities

**About You:**

+ You are passionate about information security and take your personal time to investigate and develop your skills in this field

+ You work well in a dynamic and changing environment

+ You have excellent communication and presentation skills to executive leadership

+ You are willing to be cross-trained across all the domains of AppSec (dynamic automated testing, static testing, manual testing, governance, and education)

+ You have excellent problem solving, critical thinking, and analytic skills

+ You can effectively work with your peers to collaborate and share experiences

+ You are able to work well under minimal supervision

+ You are a demonstrated leader with team-oriented interpersonal skills and the ability to interface effectively with a broad range of people and roles, including upper management, IT leaders, and technology vendors

**Basic Qualifications:**

+ A Bachelor's Degree, or military experience

+ At least 4 years of experience performing manual application penetration tests

+ At least 2 years of experience managing junior testers

+ At least 4 years of exposure to OWASP

+ At least 4 years of experience with common web application testing tools: Burp, ZAP, WebInspect, AppScan or Fortify

**Preferred Qualifications:**

+ 2 years of Information Security experience supporting the Financial Services sector

+ 2 years of experience developing in one or more of the following languages: Go, Swift, Objective-C, Java, or .NET

+ 2+ years of experience with full scope network and infrastructure penetration testing.

+ 1 year of networking experience

+ Certification in the field of Information Security: CISSP, CISM, CEH, GIAC CPEN, OSCP, OSWE, CWAPT, GWAPT, or GWEB

At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

At Capital One, we’re building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.
