Skip to main content
A close up of someone tapping their phone, with a lock illustration coming out of the phone

Boosting cybersecurity with ethical hacking

Arjun was trying to hack into Capital One’s offices, but nothing worked—to his relief. 

As a senior cyber security engineer for Capital One’s Offensive Security team, Arjun and his colleagues protect the company against virtual security threats. They employ ethical hacking—using many of the same tactics and techniques criminal hackers use—to keep Capital One products and networks safe.

“The longer our team does this work—and the more we collaborate—the more sophisticated our techniques get for testing the strength of Capital One’s security,” Arjun said. “As a result, our security gets stronger and stronger.”

Learn more about cyber security roles at Capital One that leverage technology and teamwork to protect the company, its customers and associates. 

Two separate pictures in a collage, on the left, Capital One associate Arjun, Sr. Cyber Secuirty Engineer, Offensive Security, sits at his laptop, and on the right, a headshot of Clint, Capital One Sr. Manager, Offensive Security in a suit jacket

Decoding offensive security

Offensive Security divides its work into three teams: PenTest, Red Team and Responsible Disclosure/Bug Bounty. 

Associates in PenTest, which stands for “penetration testing,” examine Capital One products and applications to identify and exploit as many vulnerabilities as possible. The tests are done with the product owner’s knowledge and can take up to four weeks. 

Clint, a senior manager for Offensive Security, performs PenTests of applications and related infrastructure, like endpoints, databases and payments. This work protecting customers from threats is what convinced Clint to join Capital One in 2020 after spending much of his career working for the Department of Justice and the U.S. Navy Reserve.

“You feel like you’re part of a team and a greater mission,” Clint said. “We’re affecting change in a really powerful way.”

Red Team includes covert agents who emulate real-world attack scenarios to evaluate defensive capabilities over the course of multiple months. Arjun is a member of the Red Team, and his attempt to hack into Capital One’s offices was part of the team’s work to identify any vulnerabilities before the bad guys can. 

“We get to be really creative and use our imaginations because we’re throwing anything we can at Capital One’s systems and products to try and bypass our corporate defenses,” Arjun said. “It’s a game of cat and mouse.”

Responsible Disclosure/Bug Bounty manages vulnerabilities discovered by associates and external security researchers. Aurielle, a principal security engineer, performs triage on the vulnerability reports. She then coordinates correcting the issue by working with the team that owns the product at risk and the individual or vendor who found the problem. 

While Aurielle uses her technical know-how to sort through any issues, she said communication is one of the most important skills in her role

“We have to explain to other teams—Card, Marketing or Financial Services—what the issue is and how we can make it better in a non-technical way that they can understand,” Aurielle said. “I love that educational component.”

A collage of two images, on the left, Capital One Sr. Cyber Technical Associate, Offensive Security Jay stands in front of a house outside and on the right, Capital One Principal Security Engineer, Offensive Security Aurielle stands in front of a white wall smiling

Sharing cybersecurity knowledge

Offensive Security associates give back by sharing their findings, solutions and methodologies with colleagues across Capital One through an internally-developed resource that provides associates the chance to learn about offensive security from peers who are subject matter experts. 

The Offensive Security team creates and leads workshops, demonstrations and learning tracks that help associates prepare for offensive security certifications. Jay, a senior cyber technical associate for Offensive Security, has presented on web application finding and hosted a hacking workshop.

“Our emphasis on learning and teaching is my favorite part because we’re actively equipping associates with the skills to identify and solve risks to our digital infrastructure,” Jay said. “We’re never resting on our knowledge. We’re always learning.”

For Clint, who has taught cybersecurity at the collegiate level before, Offensive Security’s work represents everything he loves about working at Capital One: continuously innovating, countless learning opportunities and sharing knowledge so the whole company can grow together.

“You don’t encounter people at Capital One who say ‘I’ve been doing this for 20 years, I don’t need to learn anything,’” he said. “We stay at the forefront of tech because we’re curious and collaborative.”

Copyright © 2024

Opinions are those of the individual author. Statements are deemed accurate at the time of posting. Unless otherwise noted, Capital One is not affiliated with, or endorsed by, any company mentioned. All trademarks and intellectual property used or displayed are the property of their respective owners. 

Job Alerts

Don’t miss a thing. Stay in the know about opportunities you may be interested in!

Interested InTo create job alerts, you can either select a job category from the list of options or search by location. For location, you can search by city, state, zip or “remote”, then click 'Add'. Once done, click ‘Sign up’ to receive your job alerts.

By submitting your information, you acknowledge that you have read our privacy policy and consent to receive email communication from Capital One.

*Required Field