Director of Application Security Engineering

Capital One Financial Corporation, incorporated in July 21, 1994, is a diversified banking company focused primarily on consumer and commercial lending and deposit origination. Its principal business segments are Local Banking and National Lending.

You will be involved as the product owner of a solution we’re devolving to obtain this goal. Additionally you will be responsible in driving the DevSecOps agenda and ensuring application security can meet the needs of CI/CD. This role is involved in projects or issues of high complexity that require master level knowledge across multiple technical areas and business segments.

- Strong written and verbal communication skills. - Deep experience in enabling organizations with DevSecOps - Strong experience in rolling out Threat Modeling enterprise wide that can be consumed by developers and engineers - Ability to prioritize and set the destiny of a security product - Calmness and clarity of thought under pressure and ability to maintain confidentiality. - Ability to maintain the goals and culture of the organization. - High levels of integrity in the conduct of personal and professional affairs. - Demonstrated leader with team-oriented interpersonal skills, with the ability to interface effectively upper management, IT leaders, and technology vendors. - Ability to work well under minimal supervision, reporting to the head of application security **Basic Qualifications:** - A bachelor’s degree or military experience - At least 7 years of experience in Information Security - At least 7 years of experience with Applications Security, including familiarity with the leading toolsets supporting Application Security - At least 2 years of experience with product design, delivery, and ownership - At least 3 years experience in threat modeling **Preferred Qualifications:** - 2 years of agile experience. - 2 years of experience with DevSecOps - 1 year experience with ATDD/BDD - 1 year of experience with architecting and designing security infrastructures with special emphasis on cloud environments. - 1 year of experience with SOX and regulatory and statutory compliance. - Professional security management certification, such as a Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)