At Capital One, we’re building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.
Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.
Threat Modelling Engineer
Security is essential to what we do at Capital One, from protecting our customers to our associates. As part of the Cyber team, you are passionate about security and risk management. You see security as an enabler and differentiator to enable the business through innovation, not a step in the compliance process. Capital One is implementing threat modeling as a core discipline to embed cyber controls into our delivery lifecycle.
The successful candidate will join the Cyber Threat Modeling team and will be responsible for delivering an enterprise programme that includes everything from evangelism and training to process and tool development.
- Driving the adoption of threat modeling throughout Capital One
- Partner closely with stakeholders to establish and grow a threat modeling culture through community engagement
- Leadership, coaching, training and mentoring of application owners, users and engineering delivery teams with respect to threat modeling
- Development of a common toolset for enterprise adoption that allows sharing and reuse of knowledge and models
- Use data-driven processes to provide insight into emerging threats and exposure
- Define, create and report on KPIs to measure effectiveness and maturity of threat modeling at various levels with the Enterprise
- Lead community activities to create a threat modeling culture at all levels of the organisation
- Represent the Capital One Threat Modeling programme at external events
- Review and critically appraise commercial and open source tools, identify new tools, technologies and frameworks that could improve security and data governance posture
- Engage with vendors and external special interest groups to determine future direction
- Use Agile and Lean methodologies to incrementally add value to existing features
You will need to:
- Show demonstrable experience or interest in information security
- Have an active interest in threat modeling
- Demonstrate effective written and verbal communication skills
- Demonstrate strong stakeholder management skills
- Possess hands-on Agile organisational and delivery skills
- Demonstrate personal evidence of technical implementation experience
- Education and qualifications:
- Degree or relevant experience
- Desirable: Certification in one or more of the following: CISSP, CISM, CISA, CRISC, ISEB Certificate in Information Security Management Principles
- Desirable: Cloud certification, specifically AWS, GCP, Microsoft Azure
Preferable practical experience:
- Previous experience working in an information security or software engineering role
- Working in a financial or highly regulated environment
- Cloud, Container technology and security
- Experience of training, facilitation and public speaking
- Technical risk analysis, assessment and mitigation
- Proficiency in a programming language
Capital One is committed to diversity in the workplace.
If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at RecruitingAccommodation@capitalone.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.
For technical support or questions about Capital One's recruiting process, please send an email to Careers@capitalone.com
Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.
Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).