Company: Capital One – UK
Location: Nottingham



Nottingham Trent House (95002), United Kingdom, Nottingham, Nottinghamshire

At Capital One, we’re building a leading information-based technology company. Still founder-led by Chairman and Chief Executive Officer Richard Fairbank, Capital One is on a mission to help our customers succeed by bringing ingenuity, simplicity, and humanity to banking. We measure our efforts by the success our customers enjoy and the advocacy they exhibit. We are succeeding because they are succeeding.

Guided by our shared values, we thrive in an environment where collaboration and openness are valued. We believe that innovation is powered by perspective and that teamwork and respect for each other lead to superior results. We elevate each other and obsess about doing the right thing. Our associates serve with humility and a deep respect for their responsibility in helping our customers achieve their goals and realize their dreams. Together, we are on a quest to change banking for good.

Security Vulnerability and Remediation Manager

Capital One is committed to diversity in the workplace.

Reporting into the Head of Security Operations, our Security Vulnerability & Remediation Manager plays a crucial role in supporting and developing our vulnerability management activities.

The role is responsible for owning the vulnerability management process execution, system and architecture in the UK, leveraging automation to streamline and improve processes and time-to-fix. They will partner with the wider global Cyber team, as well as other technical teams, to champion the vulnerability remediation lifecycle in the UK. They will act as the business owner’s subject matter expert on vulnerability impact and risk, providing guidance on root cause, and managing the full lifecycle of reported vulnerabilities through to closure.


Assessment and oversight of the remediation of vulnerabilities

  • Assess vulnerabilities, investigate tooling and countermeasures.

  • Review and validate vulnerability findings, providing false positive validation.

  • Advise technical and non-technical audiences on appropriate prioritization of patch deployment.

  • Support vulnerability remediation through re-test and closure.

Vulnerability management reporting, education and awareness

  • Report and track remediation activities affecting on-premise, cloud-hosted and perimeter environments.

  • Support compliance and due diligence led activities and audits, including regulatory updates.

  • Collaborate with teams and stakeholders to create both tactical and strategic plans for vulnerability management.

  • Champion security best practice within technology and be regarded as the ‘go-to’ individual for security vulnerability management.

  • Provide security and remediation advice to cross-business stakeholders at a technical level.

  • Proactive identification and communication of external themes and threats.

  • Help drive security maturity in vulnerability management and security in general across the business, through positive engagement and teaching.

Vulnerability management UK process ownership and coverage

  • Maintain and further improve the scanning scope and capability of the vulnerability scanning service, through automation and tooling.

  • Provide vulnerability assessment scan guidance and training.


  • Familiarity with Infrastructure and web application scanning tools (e.g. Qualys, Nessus, etc.) and relevant remediation management/risk tools.

  • Sound understanding of network/infrastructure and web/mobile application weaknesses and anti-patterns (CWE, OWASP).

  • A good understanding of information security principles and best-practices

About You:

  • A passion to make a difference and positively challenge the status quo through continuous improvement

  • A thoughtful approach to risk management and controls simplification, with measurable, data-driven outcomes, ensuring all appropriate exception, issue or risk processes are strictly adhered to if non-compliances are discovered.

Any of these would also be great:

  • Familiarity with open-source tooling

  • Knowledge of SQL language

  • Knowledge of Python

  • Experience of cloud (e.g. AWS, Azure)

  • Experience with Kenna, Qualys or similar

  • Hands-on system infrastructure operations, security operations or a security engineering background


If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

For technical support or questions about Capital One’s recruiting process, please send an email to

Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.

Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).