Senior Manager, SaaS Platform Security

Senior Manager, SaaS Platform Security

Capital One is seeking a highly motivated and experienced Sr Manager, SaaS Platform Security to lead the charge in securing our web applications against the ever-evolving threat landscape of third-party JavaScript. At Capital One, we are committed to excellence and doing the right thing, and that includes protecting our customers and their data through robust security measures. As a technology-driven company, we are constantly innovating and leveraging cutting-edge solutions to ensure our products and services remain secure.

The Sr Manager, SaaS Platform Security is responsible for leading the selection, integration, and ongoing management of a vendor solution to enhance the security of third-party JavaScript running on Capital One's websites. You will lead a team of engineers to evaluate vendor solutions, drive the integration process, and ensure the ongoing effectiveness of the chosen solution. This role requires a blend of technical expertise, leadership skills, and a collaborative approach to working with stakeholders across the organization.

What you'll do...

• Lead the evaluation and selection of vendor solutions to address cybersecurity SaaS solutions addressing a wide array of challenges.
• Manage the integration of the chosen vendor solution into Capital One's existing security infrastructure, ensure all requirements are met, collaborating with internal teams and the vendor to ensure a smooth and successful implementation.
• Oversee the ongoing operation and maintenance of the vendor solution, ensuring its continued effectiveness in mitigating security risks.
• Lead and mentor a team of engineers, providing guidance, support, and development opportunities.
• Collaborate effectively with stakeholders across the organization, including product teams, engineering teams, and leadership.
• Develop and document comprehensive procedures for security assessments, vulnerability scanning, and other security processes.
• Create clear and concise documentation for incident response and escalation procedures, ensuring timely and effective mitigation of security incidents related to third-party JavaScript.
• Establish and maintain documentation for the configuration, deployment, and ongoing maintenance of the chosen vendor solution.
• Stay informed about industry best practices, emerging threats, and evolving technologies related to Cybersecurity.

About You...

• You possess a strong understanding of web security concepts, experience with JavaScript and web development technologies, and demonstrated leadership skills.
• You have experience managing vendor relationships, working with cross-functional teams, and leading technical projects.
• You have excellent communication and interpersonal skills, enabling effective collaboration with stakeholders and team leadership.
• You are knowledgeable about various security tools and technologies relevant to web application security (e.g., SAST/DAST, WAF).
• You are passionate about building and leading high-performing teams and fostering a collaborative and innovative environment.
• You have experience developing and documenting technical procedures and processes, with a focus on clarity, accuracy, and completeness.
• You possess excellent technical writing skills, enabling you to create easily understandable and actionable documentation for various audiences.
• You are committed to continuous learning and staying at the forefront of web security trends and best practices. You thrive in a dynamic technology landscape and adapt quickly to new challenges and opportunities.

Basic Qualifications:

• High School Diploma, GED, or equivalent certification
• At least 6 years of experience in web application security or product security
• At least 3 years of experience defining security requirements for web applications or software products
• At least 2 years of experience developing technical documentation for security processes or software applications
• At least 2 years of experience with JavaScript and web development technologies
• At least 2 years of experience with Python
• At least 4 years of experience with people management

Preferred Qualifications:

• Bachelor’s or an advanced degree in Computer Science or related discipline
• 4+ years of people leadership experience
• 3+ years of experience in cloud security
• 3+ years of product management experience
• 2+ years of experience in regulated financial services organizations
• 2+ years of experience creating documentation for security assessments, vulnerability management, or incident response processes
• 2+ years of experience with threat modeling and security assessments for web applications
• One or more of the following professional certifications: CISSP, GIAC (various), CISM, CCSP, CISA, CRISC, SAFe Product Management, AWS Security, AWS Advanced Networking Specialty, AWS Solutions Architect

At this time, Capital One will not sponsor a new applicant for employment authorization, or offer any immigration related support for this position (i.e. H1B, F-1 OPT, F-1 STEM OPT, F-1 CPT,…