Open Source Automation Engineer--Threat Modeling

7900 Westpark Drive (12131), United States of America, Tysons, Virginia
At Capital One, we're building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.
Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.
Security is essential to what we do at Capital One, from protecting our customers to our associates. At Capital One, security is an enabler that supports business goals through innovation, not a step in the compliance process. Capital One is implementing Threat Modeling as a core discipline to embed cyber controls into our delivery lifecycle. To support this aim, Capital One has created an Enterprise Threat Modeling team. The successful candidate will join the Cyber Threat Modeling team, which will be responsible for the delivery of repeatable processes, tools, databases and artifacts to help the business create, own and maintain Threat Models.
Some example deliverables of the team will be:
Partner closely with senior stakeholders throughout Capital One to establish and grow a Threat Modeling culture
Build and execute the enterprise rollout of Threat Modeling
Deliver training for Threat Modeling and Threat Model facilitation
Develop common tools to support Threat Modeling as a service
Integrate Threat Modeling with next generation architecture such as Machine Learning
Use data driven processes to provide insight into emerging threats and exposure
Use Agile methodologies to incrementally add value to existing features
Driving the adoption of Threat Modeling throughout Capital One
Working with varied stakeholders to provide threat modeling training
Coaching and mentoring of application owners, users and delivery teams with respect to Threat Modeling
Development of a common toolset for enterprise adoption that allows sharing and reuse of knowledge and models
Define, create and report on KPIs to measure effectiveness and maturity of Threat Modeling at various levels within the Enterprise
Lead community activities to create a Threat Modeling culture at all levels of the organization
Represent Capital One Threat Modeling program at external events
Review and critically appraise market research to identify new tools, technologies and frameworks that could improve security and data governance posture
Engage with vendors and external special interest groups to determine future direction
Have experience with cloud technology and security
Love to build awesome products
Demonstrate strong stakeholder management skills
Possess hands-on Agile organizational and delivery skills
Demonstrate personal evidence of technical implementation experience
Basic Qualifications:
Bachelor's degree or military experience
At least 1 year of experience implementing Threat Modeling as a program
At least 2 years of open source engineering experience
Preferred Qualifications:
Cloud certification, specifically AWS, GCP, Microsoft Azure
Certification in one or more of the following: CISSP, CISM, CISA, CRISC, ISEB
Experience of training and facilitation
Experience with Machine Learning
At this time, Capital One will not sponsor a new applicant for employment authorization for this position.

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.