Capital One - McLean, VA
posted 4 months ago
Capital One is seeking a technical expert in Cloud Security to execute on cyber strategy, while playing a key role in assessing, challenging, and advising on infrastructure, platform, and software services in the cloud. The ideal candidate will display a strong understanding of industry best practices in the Cloud including governance, engineering, architecture, and networking. You will collaborate closely with associates in Cyber, Technology, the lines of Business, and risk management offices. You will evaluate and make recommendations to bolster and secure Capital One's cloud governance, engineering, architecture, and on fun controls and practices. In addition, you will provide recommendations to teams regarding ways to safeguard Capital One's Information Assets by contributing to the identification, analysis, solutioning of new or emerging cyber-based threats impacting our cloud environments. You believe that a core component of security's role is to enable the business, not just to secure it, and the solutions you bring to life are aligned to the needs of our developer community and business partners. You thrive in working in a fast-paced, technologically forward-leaning environment and are not afraid to push the boundaries of security capabilities. You feel at home in the cloud and are an expert in delivering cloud-native security solutions. In this role, you will design, architect, and help implement Cloud Security Architecture to modernize our cloud. You will assess cloud service offerings from AWS, Microsoft Azure, or Google Cloud Platform (GCP) to identify threats, risks, and controls to secure the service. You will encourage innovation, implementation of cutting-edge technologies, outside-of-the-box thinking, teamwork, and self-organization to find efficiencies in our cloud security assessment process. You will lead threat modeling of cloud services and participate in the management of the overall Cloud Control Inventory, Procedure documents, Cloud Service Catalog, and Service Adoption Framework (SAF) Reports. You will perform content and quality assurance reviews of Cloud Controls Exceptions and SAF assessments to provide risk-based recommendations. Staying current on emerging Cloud computing vulnerabilities, threats, controls, and potential implications for Capital One will be essential. You will operate as a trusted advisor for cloud services, helping junior team members and developers understand threats and risk mitigation options for cloud services. Collaboration with colleagues, stakeholders, lines of business, and leaders across multiple organizations will be key to achieving Capital One Cloud Security objectives. You will define cloud control intent through Policy-As-Code (PaC) using Rego Policy Language and participate in the testing of control design and feasibility study (both manually and through automation) prior to the rollout of Cloud services for enterprise-wide consumption.