Tester jobs in United States, New York, New York

Job responsibilities

• Collaborate with other Assessments & Exercises team members to conduct testing and simulations – such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations, and contribute to the development and refinement of assessment methodologies to ensure alignment with industry standards and regulatory requirements
• Partner with subject matter experts to evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation
• Develop comprehensive assessment reports, including detailed findings, risk assessments, and remediation recommendations, and effectively communicate these insights to relevant stakeholders as you contribute to decisions that yield continuous improvement
• Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations. Apply this knowledge to enhance the firm's assessment strategy

Required qualifications, capabilities, and skills

• 3+ years of experience in cybersecurity or resiliency, with a focus on offensive security testing, assessments, or simulation exercises
• Experience conducting manual penetration tests against a wide variety of applications and technologies including web, API, and mobile (Android & iOS) applications
• Expertise in common cybersecurity threats and technology resiliency risks pertaining to the US financial services sector
• Proficiency in at least two security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework, offensive testing tools, or resiliency testing equivalents
• Demonstrated collaboration, communication (written and verbal), and executive reporting skills, with the ability to work effectively with cross-functional teams and convey complex cybersecurity concepts and recommendations to diverse stakeholders

Preferred qualifications, capabilities, and skills

• Proficiency in security concepts for both Windows and Unix-like Operating Systems
• Additional experience in testing thick clients, internal and external facing infrastructures, and cloud platforms (AWS/Azure/GCP)
• Experience in source code review and/or building software with multiple programming languages (i.e. Python, Java, Rust, etc.)
• Experience in reverse engineering thick clients and mobile applications
• Certifications like OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN, GWAPT, GPEN, GMOB, BSCP

Contribute to leading-edge security and resilience efforts, advancing protective strategies and propelling continuous improvement.

As an Assessments & Exercises Vice President in the Cybersecurity & Technology Controls team, you will contribute significantly to enhancing the firm's cybersecurity or resiliency posture by using industry-standard assessment methodologies and techniques to proactively identify risks and vulnerabilities in people, processes, and technology. Design and deploy risk-driven tests and simulations and inform analysis to clearly outline root-causes. In this role, you will evaluate preventative controls, incident response processes, and detection capabilities, and advise cross-functional teams on security strategy and risk management.

Job responsibilities

• Design and execute testing and simulations – such as penetration tests, technical controls assessments, cyber exercises, or resiliency simulations, and contribute to the development and refinement of assessment methodologies, tools, and frameworks to ensure alignment with the firm’s strategy and compliance with regulatory requirements
• Evaluate controls for effectiveness and impact on operational risk, as well as opportunities to automate control evaluation
• Collaborate closely with cross-functional teams to develop comprehensive assessment reports – including detailed findings, risk assessments, and remediation recommendations – making data-driven decisions that encourage continuous improvement
• Utilize threat intelligence and security research to stay informed about emerging threats, vulnerabilities, industry best practices, and regulations. Apply this knowledge to enhance the firm's assessment strategy and risk management. Engage with peers and industry groups that share threat intelligence analytics

Required qualifications, capabilities, and skills

• 5+ years of experience in cybersecurity or resiliency, with demonstrated exceptional organizational skills to plan, design, and coordinate the development of offensive security testing, assessments, or simulation exercises
• Significant experience conducting manual penetration tests against a wide variety of applications and technologies including web, API, and mobile (Android & iOS) applications
• Knowledge of US financial services sector cybersecurity or resiliency organization practices, operations risk management processes, principles, regulations, threats, risks, and incident response methodologies
• Ability to identify systemic security or resiliency issues as they relate to threats, vulnerabilities, or risks, with a focus on recommendations for enhancements or remediation, and proficiency in multiple security assessment methodologies (e.g., Open Worldwide Application Security Project (OWASP) Top Ten, National Institute of Standards and Technology (NIST) Cybersecurity Framework), offensive testing tools, or resiliency testing equivalents
• Excellent communication, collaboration, and report writing skills, with the ability to influence and engage stakeholders across various functions and levels

Preferred qualifications, capabilities, and skills

• Proficiency in security concepts for both Windows and Unix-like Operating Systems
• Additional experience in testing thick clients, internal and external facing infrastructures, and cloud platforms (AWS/Azure/GCP)
• Experience in source code review and/or building software with multiple programming languages (i.e. Python, Java, Rust, etc.)
• Experience in reverse engineering thick clients and mobile applications
• Certifications like OSWE, CREST (CRT, CCT), OSCP, OSCE, GXPN, GWAPT, GPEN, GMOB, BSCP

Responsibilities will include (but may not be limited to):

• Under the leadership of a team leader, execute targeted, complex control reviews for line of business compliance requirements to effectively challenge business controls in accordance with team, program and enterprise methodologies.

• Manage schedules to ensure all tasks and reporting are completed within established timeframes.

• Obtain and analyze test data from multiple sources, following documented test plans, testing protocols, and leveraging job aids as needed.

• Develop innovative ways to approach control reviews.

• Identify and implement new technologies and innovative concepts.

• Demonstrate an understanding of testing methodology, business processes, control frameworks, and related regulatory and compliance requirements.

• Establish and maintain strong relationships with Compliance Advisors, the Risk Office and Business areas.

• Ensure engagement with proper points of contact throughout the testing process.

• Systematically retain documents that substantiate control reviews with a high level of accuracy.

• Review deliverables executed by peers for accuracy and adherence to procedures.

• Submit control review results in the system of record.

• Communicate results to Compliance Officers, Advisors, 1st Line of Defense Testing and Business area, as needed.

• Ability to work cooperatively and effectively with supporting team members to meet departmental goals.

• Maintain strong time management, organizational and prioritization skills; ability to complete multiple concurrent tasks within close deadlines with a high degree of accuracy and detail.

Basic Qualifications:

• High School Diploma, GED or equivalent certification

• At least 3 years of experience in audit, compliance, risk management, controls, or transaction reviews

• At least 5 years of experience in Financial Services

Preferred Qualifications:

• Bachelor's degree in Auditing, Accounting, Finance, Economics, Information Systems, or Business Administration

• 6+ years of experience in financial services monitoring, auditing, risk management, or compliance experience

• Certified Regulatory Compliance Manager (CRCM) accreditation, Fair Credit Reporting Act (FCRA) for Data Furnishers, Certified Information Privacy Professional (CIPP), Certified Fraud Examiner (CFE), Certified Anti-Money Laundering Specialist (CAMS)

• Experience analyzing test scripts using SQL/Python to test full populations

• Proficiency with Microsoft Office and Google G-Suite

• Strong communication skills

• Strong problem-solving and conceptual thinking skills

• Knowledge of data analytics, Optical Character Reader, Robotic Process Automation or Artificial Intelligence

• Basic understanding of data schemas or cloud data structure

• Experience with data analytics teams to help drive innovative testing approaches

. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.

As a product tester on the Reveal product team, you'll be able to:

• Help answer the question ‘Are we following the law?’ through envisioning a product for compliance testing.

• Perform new feature discovery for a large internal testing group program representing the DA experience while working with partner teams like Testers, Governance, Tech, and Design.

• Drive compliance goals through development of tools that enable our users to achieve them at scale through deep data analysis

• Enable astonishing Tester experience features that save them time, reduce process errors, and provide for greater risk coverage

• Optimize team outcomes, with a focus on well managed practices and prioritization of the highest priority work

In this role, you’ll be expected to demonstrate proficiency in five key areas which we consider to be the foundation for successful Product management:

• Human Centered- Obsesses about internal and external customer needs to reimagine and innovate product solutions

• Business Focused -Delivers game-changing outcomes by focusing on leverage and execution excellence

• Technology Driven -Leverages technology to deliver innovative and resilient solutions that enable both near term and long term value

• Integrated Problem Solving- Identifies and resolves complex problems to deliver outcomes while mitigating product risks

• Transformational Leadership -

Basic Qualifications:

• At least 3 years of experience working in Product Management

• Currently has, or is in the process of obtaining one of the following with an expectation that the required degree will be obtained on or before the scheduled start date:

  • A Bachelor's Degree in a quantitative field (Statistics, Economics, Operations Research, Analytics, Mathematics, Computer Science, Computer Engineering, Software Engineering, Mechanical Engineering, Information Systems or a related quantitative field)

  • A Master's Degree in a quantitative field (Statistics, Economics, Operations Research, Analytics, Mathematics, Computer Science, Computer Engineering, Software Engineering, Mechanical Engineering, Information Systems or a related quantitative field) or an MBA with a quantitative concentration

Preferred Qualifications:

• Experience translating business strategy and analysis into consumer facing digital products

. Eligibility varies based on full or part-time status, exempt or non-exempt status, and management level.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.