Capital One - McLean, VA
posted 3 months ago
Capital One's Offensive Security team is dedicated to reducing cyber risk by identifying vulnerabilities and weaknesses within the enterprise cyber environment through coordinated ethical hacking and penetration testing scenarios. The Principal Associate, Penetration Tester will work closely with team members to plan, coordinate, execute, and report on sophisticated ethical hacking exercises aimed at uncovering cyber vulnerabilities and enhancing the risk posture of enterprise systems. This role is pivotal in performing application and network security assessments, providing management with actionable recommendations for effective countermeasures. The successful candidate will thrive in a dynamic environment, contributing to the development and delivery of industry-leading ethical hacking capabilities that protect and defend the Capital One brand, systems, and data.

As part of the Cyber Operations and Intelligence program, the Offensive Security team plays a crucial role in identifying opportunities to enhance Capital One's information security posture against a wide array of cyber threats, while also developing strategies to effectively address these threats.

Key responsibilities include performing penetration testing on APIs, web applications, networks, and cloud services, as well as assessing Capital One's development practices to drive corporate security standards. The role also involves triaging and testing application responsible disclosure findings and newly disclosed vulnerabilities, and collaborating with developers to improve the Software Development Lifecycle (SDLC) for applications.