Senior Manager, SaaS Platform Security

Capital One is seeking a highly motivated and experienced Sr Manager, SaaS Platform Security to lead the charge in securing our web applications against the ever-evolving threat landscape of third-party JavaScript. At Capital One, we are committed to excellence and doing the right thing, and that includes protecting our customers and their data through robust security measures. As a technology-driven company, we are constantly innovating and leveraging cutting-edge solutions to ensure our products and services remain secure.

The Sr Manager, SaaS Platform Security is responsible for leading the selection, integration, and ongoing management of a vendor solution to enhance the security of third-party JavaScript running on Capital One's websites. You will lead a team of engineers to evaluate vendor solutions, drive the integration process, and ensure the ongoing effectiveness of the chosen solution. This role requires a blend of technical expertise, leadership skills, and a collaborative approach to working with stakeholders across the organization.

What you'll do...

• Lead the evaluation and selection of vendor solutions to address cybersecurity SaaS solutions addressing a wide array of challenges.

• Manage the integration of the chosen vendor solution into Capital One's existing security infrastructure, ensure all requirements are met, collaborating with internal teams and the vendor to ensure a smooth and successful implementation.

• Oversee the ongoing operation and maintenance of the vendor solution, ensuring its continued effectiveness in mitigating security risks.

• Lead and mentor a team of engineers, providing guidance, support, and development opportunities.

• Collaborate effectively with stakeholders across the organization, including product teams, engineering teams, and leadership.

• Develop and document comprehensive procedures for security assessments, vulnerability scanning, and other security processes.

• Create clear and concise documentation for incident response and escalation procedures, ensuring timely and effective mitigation of security incidents related to third-party JavaScript.

• Establish and maintain documentation for the configuration, deployment, and ongoing maintenance of the chosen vendor solution.

• Stay informed about industry best practices, emerging threats, and evolving technologies related to Cybersecurity.

About You...

• You possess a strong understanding of web security concepts, experience with JavaScript and web development technologies, and demonstrated leadership skills.

• You have experience managing vendor relationships, working with cross-functional teams, and leading technical projects.

• You have excellent communication and interpersonal skills, enabling effective collaboration with stakeholders and team leadership.

• You are knowledgeable about various security tools and technologies relevant to web application security (e.g., SAST/DAST, WAF).

• You are passionate about building and leading high-performing teams and fostering a collaborative and innovative environment.

• You have experience developing and documenting technical procedures and processes, with a focus on clarity, accuracy, and completeness.

• You possess excellent technical writing skills, enabling you to create easily understandable and actionable documentation for various audiences.

• You are committed to continuous learning and staying at the forefront of web security trends and best practices. You thrive in a dynamic technology landscape and adapt quickly to new challenges and opportunities.

Basic Qualifications:

• High School Diploma, GED, or equivalent certification

• At least 6 years of experience in web application security or product security

• At least 3 years of experience defining security requirements for web applications or software products

• At least 2 years of experience developing technical documentation for security processes or software applications

• At least 2 years of experience with JavaScript and web development technologies

• At least 2 years of experience with Python

• At least 4 years of experience with people management

Preferred Qualifications:

• Bachelor's or an advanced degree in Computer Science or related discipline

• 4+ years of people leadership experience

• 3+ years of experience in cloud security

• 3+ years of product management experience

• 2+ years of experience in regulated financial services organizations

• 2+ years of experience creating documentation for security assessments, vulnerability management, or incident response processes

• 2+ years of experience with threat modeling and security assessments for web applications

• One or more of the following professional certifications: CISSP, GIAC (various), CISM, CCSP, CISA, CRISC, SAFe Product Management, AWS Security, AWS Advanced Networking Specialty, AWS Solutions Architect

At this time, Capital One will not sponsor a new applicant for employment authorization, or offer any immigration related support for this position (i.e. H1B, F-1 OPT, F-1 STEM OPT, F-1 CPT, J-1, TN, or another type of work authorization).

The minimum and maximum full-time annual salaries for this role are listed below, by location. Please note that this salary information is solely for candidates hired to perform work within one of these locations, and refers to the amount Capital One is willing to pay at the time of this posting. Salaries for part-time roles will be prorated based upon the agreed upon number of hours to be regularly worked.

McLean, VA: $225,400 - $257,200 for Sr Manager, Cyber Technical

New York, NY: $245,900 - $280,600 for Sr Manager, Cyber Technical

Plano, TX: $204,900 - $233,800 for Sr Manager, Cyber Technical

Richmond, VA: $204,900 - $233,800 for Sr Manager, Cyber Technical

Candidates hired to work in other locations will be subject to the pay range associated with that location, and the actual annualized salary amount offered to any candidate at the time of hire will be reflected solely in the candidate's offer letter.

This role is also eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). Incentives could be discretionary or non discretionary depending on the plan.

Capital One offers a comprehensive, competitive, and inclusive set of health, financial and other benefits that support your total well-being. Learn more at theCapital One Careers website. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.

This role is expected to accept applications for a minimum of 5 business days.

No agencies please. Capital One is an equal opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex (including pregnancy, childbirth or related medical conditions), race, color, age, national origin, religion, disability, genetic information, marital status, sexual orientation, gender identity, gender reassignment, citizenship, immigration status, protected veteran status, or any other basis prohibited under applicable federal, state or local law. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City's Fair Chance Act; Philadelphia's Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at RecruitingAccommodation@capitalone.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

For technical support or questions about Capital One's recruiting process, please send an email to Careers@capitalone.com

Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.

Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).

Capital One is an equal opportunity employer committed to diversity in the workplace. Capital One promotes a drug-free workplace.

All qualified applicants will receive consideration for employment without regard to gender, race, color, religion, national origin, sexual orientation, protected veteran status, or disability status.

Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; Newark, New Jersey Ordinance 12-1630; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries.

Minimum Salary: 34320.00 Maximum Salary: 34320.00 Salary Unit: Yearly