Senior Application Security Engineer
Job ID: RT792499
Updated date: 03/20/2017
Locations: Nottingham, England
At Capital One, we’re building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.
Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.
Capital One is the 7th biggest bank in the U.S.A., with over $250B in assets and 60+ million customers. Within the UK, we're proud to say that we're amongst the Top 10 credit card providers.
Since our inception we've been a company built on bold, new ideas and an entrepreneurial spirit. Making lives better isn't an idle statement; it's our core vision, and it applies to everything we do. For us, it's a no-brainer. A happy customer is a loyal customer. By bringing ingenuity, simplicity, and, most importantly, humanity to the financial services industry we can succeed in delivering this goal.
In 2017, Capital One is continuing its rapid evolution to grow its business and we are completely focused on internally developed software and a Digital business mind-set across the board.
Information Security is an integral part of the corporate culture at Capital One UK. It is essential to maintaining our position as an industry leader in electronic payments, and it is the responsibility of every employee to safeguard information, protect it from unauthorised access, and ensure regulatory compliance. Information Security has a significant effect on privacy, consumer confidence, external reputation, and it is a priority on everyone's agenda.
The successful candidate will work closely with the UK Application Security group to build and drive the Application Security Engineering function for the Capital One UK Division. This function will be responsible for collaborating closely with software engineering teams through penetration testing, static analysis, security automation, security training and secure design as part of Capital One's global Application Security program to enable the UK Business.
This role will provide technical application security expertise to the wider UK Technology and Business. This role within UK Application Security must instill a culture that works toward the highest standards in application security engineering whilst ensuring that business requirements are understood and adhered to, and security risks in new and existing applications are properly understood and mitigated.
This position will take a leading role in the development of secure applications for Capital One UK including web, mobile, and APIs in the backdrop of an increased regulatory landscape within the UK.
This position reports to the UK Head of Application Security and can be based at a location that is appropriate for the right candidate.
- Provide hands-on direction during the design and development of applications to support the business strategy
- Partner with stakeholders to embed application security requirements as part of their programs and strategy
- Help drive Capital One UK's competitive advantage in payments by facilitating the development of secure web and mobile applications
- Collaborate closely with colleagues within the wider global Information Security organisation and technology departments as well as the UK business to establish effective, productive relationships
- Deliver penetration testing of Web, Mobile, API and more
- Implement security automation
- Assist code reviews and open source software evaluations
- Empower delivery team resources by promoting application security awareness and standards through training, hacker-thons, mentoring and vulnerability demos
- Provide targeted application security requirements based on design, threats, industry best practices, and Capital One specific policy
- Influence delivery teams in the prioritisation of security activities and issue remediation
- Evaluate and recommend new and emerging application security products and technologies in coordination with the global Application Security group
- Coordinate the maintenance of the UK application inventory and risk profiles with delivery teams
- Establish credibility throughout the organisation by earning the reputation for being a proactive leader, positive disrupter and change agent
- Represent Capital One UK in relevant information security and cyber security communities
All About You:
- Extensive knowledge and demonstration of experience in securing web applications, mobile apps, and APIs/web services
- Strong knowledge of application security best practices including OWASP Top 10 and OWASP Mobile Top 10, along with an engineering-oriented background
- Strong knowledge of web and mobile application security testing frameworks and methodologies
- Experience with enterprise application security and open source security tools including HP Fortify Source Code Analyzer (SCA), HP Software Security Center (SSC), HP WebInspect, Checkmarx, Burp Suite, OWASP ZAP, etc.
- Experience and familiarity working across the global cyber security community
- Technical knowledge in software engineering, system and network security, authentication and security protocols, cryptography, and network/web related protocols (e.g., TCP, UDP, HTTP, HTTPS)
- A proven ability to establish and sustain effective, professional relationships with Technology and Business; work closely with business partners to understand business drivers and market requirements; and provide leadership to the technology group to create the right security solutions for the market in the required time frames
- Knowledge of/experience with international compliance requirements/standards (PCI-DSS, GLBA, SOX, UK DPA) and other security regulation requirements
- Excellent interpersonal, facilitation, and leadership skills along with effective communication (both written and verbal) skills
- Skilled at mentoring and communicating goals and other corporate initiatives and driving to results
- Certifications such as CSSLP, CREST, OSCP, OSCE or appropriate SANS Certifications desirable
- Ability to travel as needed
- Undergraduate degree in computer science, electrical engineering, information science, a related technical discipline, or equivalent work experience
- Extensive experience penetration testing and/or application security engineering
- Experience developing web, API, mobile applications preferred
If you require an accommodation to apply for a job or to perform a job, please contact Capital One Recruiting at 1-800-304-9102 or RecruitingAccommodation@capitalone.com.
All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.
For technical support or questions about Capital One's recruiting process, please send an email to Careers@capitalone.com.
Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).