Perform penetration testing of APIs, web applications, networks, and cloud services, as well as related applications and infrastructure
Assess Capital One’s development practices and help drive corporate security standards
Help triage and test application responsible disclosure findings and newly disclosed vulnerabilities
Work with developers to improve the Software Development Lifecycle (SDLC) for applications
Present findings, risks and conclusions to technical and non-technical audiences
Collaborate closely with the business throughout remediation, including influencing stakeholders and delivery teams on the prioritisation of security activities and issue remediation
Establish effective and productive relationships with colleagues across the Global Cyber organization and technology departments as well as the UK business
Requirements
Information security experience in one or more of the following areas: red teaming, penetration testing, application security, or network security
Strong knowledge of Web, API and mobile application security testing frameworks and methodologies
Familiarity with penetration testing tools such as Burp Suite, OWASP ZAP, SoapUI, etc.
Strong knowledge of application security best practices including OWASP Top 10
Strong understanding of networking concepts; Windows, Linux and macOS operating systems; and cloud and web application vulnerabilities and exploitation
Experience with threat modeling concepts and frameworks (CVSS, MITRE ATT&CK, DREAD, or STRIDE)
Technical knowledge in software engineering, system and network security, authentication and security protocols, cryptography, and network/web related protocols (e.g., TCP, UDP, HTTP, HTTPS)
Bachelor's Degree or equivalent certification is advantageous
Security testing of cloud environments is advantageous
Experience in offensive security tool development, customization or expansion is advantageous
Ability to code comfortably in one or more interpreted languages (e.g., Python, Bash, PowerShell, Perl, Ruby) and one or more compiled languages (e.g., C, C++, C#, Golang, Rust, Java, Objective-C)
Penetration testing experience with Internet of Things (IoT) devices, mobile applications, or code review is advantageous
One or more of the following certifications (OSCP, OSCE, GPEN, GXPN, CRTO, CREST Certified Simulated Attack Manager) is advantageous
Tech Stack
Cloud
IoT
Java
Linux
Objective-C
Perl
Python
Ruby
Rust
SDLC
Go
Benefits
Immediate access to our core benefits including pension scheme, bonus, generous holiday entitlement and private medical insurance – with flexible benefits available including season-ticket loans, cycle to work scheme and enhanced parental leave
Open-plan workspaces and accessible facilities designed to inspire and support you
Our Nottingham head-office has a fully-serviced gym, subsidised restaurant, mindfulness and music rooms
In London, you can heighten your mood with a run on our rooftop running track or an espresso at the Workshop Coffee café