Threat Modeling Practitioner
Company: Capital One
Location: Princess Anne
Posted on: May 15, 2022
Job Description:
Center 2 (19050), United States of America, McLean, Virginia

Threat Modeling Practitioner

Seeking a creative thinker with
a background in areas such as Information Security Architecture,
Cyber Risk Management, or Cyber Intelligence Analysis with a desire
to join a team of fellow practitioners, currently on a journey to
help embed Threat Modeling into Capital One's corporate DNA.

The Threat Modeling Operations team works to fully embed threat
modeling into Capital One's software delivery and risk management
processes.

The right candidate will be required to partner with
other areas of the Cyber organization to develop processes for
threat models to be consumed to inform and provide context for
other Cyber processes (application security testing, alert and
response playbook definitions, red team activities, risk
assessments). You will work on initiatives to integrate threat
modeling with risk management processes within Capital One.

The
right candidate must be pragmatic and practical in their
understanding of risk and security, but also willing to know when
to pull in experts and escalate. You collaborate and innovate with
other teams within Capital One to push the envelope in delivering
"Training, Education, and Support" (providing and delivering
educational materials and training tracks to support the adoption
of threat modeling), "Procedure, Governance, and Reporting"
(standardizing and evolving the Capital One Threat Modeling
procedure and executing to controls to ensure threat modeling
adoption is to a consistently high standard) and "Tooling and
Automation" (working with our customers, stakeholders and Product
Manager to understand their needs and goals and ensure the services
and tools the program delivers achieve maximum impact) across the
Enterprise.

This role offers growth opportunities across many
disciplines as the right candidate will be able to present,
influence, educate, enable, and collaborate with application teams
and varying levels of leadership across the organization in
defining, improving, and maintaining their applications' threat
models.

This role will require thinking outside the box, bringing
creativity and innovation to current processes with an aim to
continuously improve them, and having ownership and accountability
for deliveries and areas of responsibility.

Responsibilities
- Play a key role in Cyber security and risk management processes,
bringing a broad view of Cyber security risk frameworks (NIST, ISO,
COBIT) that you can tap to help us align the threat modeling
program to the broader risk management practices at Capital One
- Develop and execute governance for threat modeling and provide
reporting of compliance and adoption
- Produce educational training materials, whitepapers and blog
posts that support the adoption of threat modeling by associates
across the business
- Integrate threat modeling into organizational Risk Management
practices
- Partner with other functions in Cyber to enable those functions
to consume threat models to drive greater value from threat
modeling across Cyber
- Evolve the practice of threat modeling in Capital One, and
fully integrate threat modeling with Risk Management practices and
Software Development Life Cycle processes.
- Support our customers in adopting and using the threat modeling
tools we deliver for the business. Provide documentation to aid our
customers in using those tools, and establish process and
governance for the use of those tools.
- Identify and implement process improvements for the work
through KPIs and OKRs.
- Work with the customers and stakeholders of the threat modeling
program, seek feedback on our work and strive to use that feedback
to improve the delivery for the team and yourself.
- Plan and deliver work with the team through Agile and Scrum
practices to provide visibility and transparency.
- Develop and execute data driven controls and reporting, and
drive outcomes into the teams that need to take action.
- Work with the Program leadership to present information and
influence change at senior management level.
- Establish formal Standards, Processes and Procedures and
execute associated Controls with regular reporting
- Analyze and present data using tools such as spreadsheets in
order to provide insights and recommendations for decision
making
- Produce training materials
- Grow the presence of Capital One in the threat modeling
community across the industry.

Basic Qualifications
- High School Diploma, GED, or equivalent certification
- At least 4 years of Information Technology or Cybersecurity
experience
- At least 3 years of experience in a Security Operations or Risk
or Process and Operations role
- At least 2 years of experience with Cloud technologies (Amazon
Web Services, Microsoft Azure, Google Cloud Platform)

Preferred Qualifications
- 1+ years of experience with Threat Modeling methodologies
- 1+ years of experience with developing Standards and
Procedures
- 1+ years of experience with cyber risk frameworks (CIS-RAM,
NIST)
- 1+ years of experience with producing educational and training
materials
- 1+ years of experience in developing dashboards and performance
reporting
- 1+ years of experience utilizing Agile methodologies
- 1+ years financial services industry experience
- 1+ years experience in Offensive or Defensive Security
techniques
- Professional certifications (Certified Information Systems
Security Professional (CISSP), AWS Cloud Practitioner, Certified
Cloud Security Professional (CCSP), AWS Certified Solutions
Architect, Certified Secure Software Engineer, GCDA, or GCIH)

At this time, Capital One will not sponsor a new applicant for
employment authorization for this position.

No agencies please.
Capital One is an Equal Opportunity Employer committed to diversity
and inclusion in the workplace. All qualified applicants will
receive consideration for employment without regard to sex, race,
color, age, national origin, religion, physical and mental
disability, genetic information, marital status, sexual
orientation, gender identity/assignment, citizenship, pregnancy or
maternity, protected veteran status, or any other status prohibited
by applicable national, federal, state or local law. Capital One
promotes a drug-free workplace. Capital One will consider for
employment qualified applicants with a criminal history in a manner
consistent with the requirements of applicable laws regarding
criminal background inquiries, including, to the extent applicable,
Article 23-A of the New York Correction Law; San Francisco,
California Police Code Article 49, Sections 4901-4920; New York
City's Fair Chance Act; Philadelphia's Fair Criminal Records
Screening Act; and other applicable federal, state, and local laws
and regulations regarding criminal background inquiries.

If you have
visited our website in search of information on employment
opportunities or to apply for a position, and you require an
accommodation, please contact Capital One Recruiting at
1-800-304-9102 or via email at . All information you provide will
be kept confidential and will be used only to the extent required
to provide needed reasonable accommodations.

For technical support
or questions about Capital One's recruiting process, please send an
email to Capital One does not provide, endorse nor guarantee and is
not liable for third-party products, services, educational tools or
other information available through this site.

Capital One Financial
is made up of several different entities. Please note that any
position posted in Canada is for Capital One Canada, any position
posted in the United Kingdom is for Capital One Europe and any
position posted in the Philippines is for Capital One Philippines
Service Corp. (COPSSC).
Keywords: Capital One, Alexandria, Threat Modeling Practitioner, Other, Princess Anne, Virginia