Location: London or Nottingham, United Kingdom. This permanent position is located at either London or Nottingham Head Offices with a hybrid working model.
About the Role
Capital One Offensive Security is dedicated to reducing cyber risk by uncovering vulnerabilities in the enterprise cyber environment through coordinated ethical hacking and penetration testing scenarios. The Penetration Tester will plan, coordinate, execute, and report sophisticated ethical hacking exercises, identify cyber vulnerabilities, and provide recommendations to management to improve the security posture of enterprise systems. The role focuses on application and network security assessments and building industry-leading ethical hacking capabilities to protect Capital One’s brand, systems, and data.
What You’ll Do
- Perform penetration testing of APIs, web applications, networks, and cloud services.
- Assess development practices and help drive corporate security standards.
- Triage and test application responsible disclosure findings and newly disclosed vulnerabilities.
- Collaborate with developers to improve the Software Development Lifecycle (SDLC) for applications.
- Present findings, risks, and conclusions to technical and non-technical audiences.
- Influence stakeholders and delivery teams on prioritization of security activities and remediation.
- Establish relationships across the Global Cyber organization and technology departments.
What We’re Looking For
- Information security experience in red teaming, penetration testing, application security, or network security.
- Strong knowledge of Web, API and mobile application security testing frameworks and methodologies.
- Familiarity with testing tools such as BurpSuite, OWASP Zap, SoapUI, etc.
- Knowledge of application security best practices including OWASP Top 10.
- Understanding of networking concepts, Windows, Linux, Mac OS, cloud and web application vulnerabilities.
- Experience with threat modeling frameworks such as CVSS, MITRE ATT&CK, DREAD, or STRIDE.
- Technical knowledge in software engineering, system and network security, authentication, security protocols, cryptography, and HTTP/HTTPS.
Additional Desired Qualifications
- Bachelor’s Degree or equivalent certification.
- Experience testing cloud environments (AWS, Azure, GCP).
- Offensive security tool development or customization.
- Programming in interpreted or compiled languages (Python, Bash, PowerShell, Perl, Ruby, C, C++, C#, Golang, Rust, Java, Objective‑C).
- Penetration testing experience with IoT devices, mobile applications, or code review.
- Certifications such as OSCP, OSCE, GPEN, GXPN, CRTO, CREST Certified Simulated Attack Manager.
Benefits
- Rewarding role contributing to Capital One’s cyber security roadmap.
- Strong career progression with training programmes.
- Core benefits: pension scheme, bonus, generous holiday entitlement, private medical insurance.
- Flexible benefits: season-ticket loans, cycle-to-work scheme, enhanced parental leave.
- Open‑plan workspaces with amenities such as fitness facilities, subsidised restaurants, mindfulness rooms.
Work Arrangements
Permanent position. Hybrid model: 3 days a week in London or Nottingham head office, plus flexibility to work from home. Flexible working arrangements available.
Equal Opportunity Statement
Capital One is committed to diversity in the workplace. If you require a reasonable adjustment, please contact ukrecruitment@capitalone.com. All information will be kept confidential and will only be used for the purpose of applying a reasonable adjustment.
