What are the responsibilities and job description for the Cyber Perimeter Defense Analyst, CSOC position at Capital One?
The CSOC: Perimeter Defense team at Capital One is responsible for performing proactive detection of advanced threat actors and ensuring that identified attacks are thwarted within our environment. As an application security support subject matter expert (SME), you will be responsible for identifying and combating externally facing, application-focused attack efforts. You will continually develop new and creative ways to detect malicious activity and help coordinate testing of those techniques within Capital One’s network. You will also be working with vendors and other internal teams to identify and understand their exposure to ensure coverage. You will also have the opportunity to train and mentor junior cyber security specialists.
General Responsibilities
Analyze output of network, cloud and application logs to distinguish malicious and normal activity.
Design and implement controls in collaboration with enterprise and vendor teams to improve detection and mitigation of potential threats.
Perform behavioral analysis to identify attacks versus normal user traffic.
Continuously evaluate current detection methods to improve and streamline processes.
Proactively identify potential threat vectors and work with teams to improve prevention and detection methods.
Serve as Technical SME for application security and as the technical lead for various attack definition and resolution efforts.
Work with multidisciplinary teams across operations, intel, engineering and other LOB organizations to iteratively improve security controls and detection/prevention capabilities.
Train and mentor junior team members.
Basic Qualifications
High School Diploma, GED or Equivalent Certification
At least 2 years of experience in the Cyber Security field
At least 2 years of experience working in network security
At least 2 years of experience working with log aggregation, parsing, analysis and monitoring to detect or alert on threat activities
At least 2 years of experience working with threat landscapes (credential abuse, web content scraping or account takeovers)
At least 1 year of troubleshooting experience investigating false positives
At least 1 year of experience with Customer Facing Sign In flows and principles of Multi-Factor Authentication
Preferred Qualifications
2 years of experience with parsing and analyzing big data
At least 1 year of experience with application development and data engineering.
Utilizing big data technologies and querying techniques
At least 2 years of experience using Security Information and Event Management technologies (Securonix, ELK, or Splunk)
Proficient in JavaScript, SQL, or Python.
Experience monitoring and analyzing logs from cloud hosted applications.
Knowledge of identity and access management systems and processes, including digital certificates, single sign-on, etc.
Understanding of OWASP Top 10 and the HTTP protocol.
Knowledge of various attacker techniques, malware analysis and reverse engineering.
Working knowledge of Security principles and frameworks
Understanding of OWASP mitigation techniques
Experience working with third-party partners and APIs
Experience with Shape Security Products and WAF technologies.
Familiar with Bot management and automation
At this time, Capital One will not sponsor a new applicant for employment authorization for this position.
No agencies please. Capital One is an Equal Opportunity Employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to sex, race, color, age, national origin, religion, physical and mental disability, genetic information, marital status, sexual orientation, gender identity/assignment, citizenship, pregnancy or maternity, protected veteran status, or any other status prohibited by applicable national, federal, state or local law. Capital One promotes a drug-free workplace. Capital One will consider for employment qualified applicants with a criminal history in a manner consistent with the requirements of applicable laws regarding criminal background inquiries, including, to the extent applicable, Article 23-A of the New York Correction Law; San Francisco, California Police Code Article 49, Sections 4901-4920; New York City’s Fair Chance Act; Philadelphia’s Fair Criminal Records Screening Act; and other applicable federal, state, and local laws and regulations regarding criminal background inquiries. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at RecruitingAccommodation@capitalone.com. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.
For technical support or questions about Capital One's recruiting process, please send an email to Careers@capitalone.com
Capital One does not provide, endorse nor guarantee and is not liable for third-party products, services, educational tools or other information available through this site.
Capital One Financial is made up of several different entities. Please note that any position posted in Canada is for Capital One Canada, any position posted in the United Kingdom is for Capital One Europe and any position posted in the Philippines is for Capital One Philippines Service Corp. (COPSSC).