Capital One Cyber Threat Detection Alert Development Principal Associate 
United States, Virginia, Arlington 
324846778

25.03.2025
Cyber Threat Detection (Alert Development), Principal Associate


Responsibilities:

  • Develop, deploy, and maintain detections using a Detection-as-Code methodology, using the MITRE ATT&CK framework to measure coverage

  • Develop signature-based and behavioral detections

  • Work with partners and stakeholders to onboard additional detection capabilities and tooling

  • Conduct proactive threat research across enterprise environments using hypothesis-driven methodologies

  • Develop and implement best practices to identify malicious activity in a dynamic, fast-paced environment

  • Understand the business drivers of the enterprise and partner with relevant stakeholders to ensure robust monitoring and expanded coverage across our hosts, networks, and applications.

  • Demonstrate a deep understanding of adversary techniques and emerging threats that could impact business operations

  • Respond to inquiries from regulatory entities, risk management and audit teams, providing clear and complete documentation of procedures and workflows

  • Mentor junior engineers and contribute to a culture of continuous improvement and knowledge sharing

  • Articulate security risks and detection strategies to technical and executive audiences
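As an added illustration of what the first two responsibilities mean in practice (this is example code written for this page, not Capital One's detection content): each detection is a versioned Python object tagged with the MITRE ATT&CK technique IDs it covers, the rules run over structured events, and the same tags are reused to measure coverage against a priority technique list. The event schema, rule IDs (DET-0001 and so on), the PRIORITY_TECHNIQUES list and the sample telemetry are all assumptions constructed for the example.

```python
"""Detection-as-Code sketch: each detection is a versioned Python object tagged
with the MITRE ATT&CK technique IDs it covers, rules run over structured events,
and the tags are reused to measure coverage against a technique list.
Added example for illustration; the event schema, rule IDs and technique list
are assumptions, not any real organization's detection content."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed sample telemetry (made up for this example): one dict per event.
SAMPLE_EVENTS: List[Dict] = [
    {"ts": 1, "type": "process", "host": "ws01", "user": "alice",
     "parent": "WINWORD.EXE", "image": "powershell.exe"},
    {"ts": 2, "type": "process", "host": "ws02", "user": "bob",
     "parent": "explorer.exe", "image": "powershell.exe"},
    {"ts": 3, "type": "process", "host": "srv01", "user": "svc",
     "parent": "cmd.exe", "image": "mimikatz.exe"},
    {"ts": 4, "type": "logon", "host": "srv01", "user": "carol", "outcome": "failure"},
    {"ts": 5, "type": "logon", "host": "srv01", "user": "carol", "outcome": "failure"},
    {"ts": 6, "type": "logon", "host": "srv01", "user": "carol", "outcome": "failure"},
    {"ts": 7, "type": "logon", "host": "srv01", "user": "carol", "outcome": "success"},
]

Hit = Tuple[int, str, str]  # (ts, user, host)


@dataclass(frozen=True)
class Detection:
    id: str
    name: str
    kind: str                              # "signature" or "behavioral"
    techniques: Tuple[str, ...]            # ATT&CK technique IDs the rule covers
    evaluate: Callable[[List[Dict]], List[Hit]]


# Signature rule: fires on a known tool name in the process image. Cheap, but
# trivially evaded by renaming the binary.
def sig_mimikatz(events: List[Dict]) -> List[Hit]:
    return [(e["ts"], e["user"], e["host"]) for e in events
            if e["type"] == "process" and "mimikatz" in e["image"].lower()]


# Behavioral rule: an Office application spawning a shell, independent of what
# the shell was asked to run.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe"}


def beh_office_spawns_shell(events: List[Dict]) -> List[Hit]:
    return [(e["ts"], e["user"], e["host"]) for e in events
            if e["type"] == "process"
            and e["parent"].lower() in OFFICE_APPS
            and e["image"].lower() in SHELLS]


# Stateful behavioral rule: FAILURE_THRESHOLD failed logons for one (host, user)
# pair followed by a success. The counter resets on success so each burst alerts once.
FAILURE_THRESHOLD = 3


def beh_bruteforce_then_success(events: List[Dict]) -> List[Hit]:
    failures: Dict[Tuple[str, str], int] = {}
    hits: List[Hit] = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        if e["type"] != "logon":
            continue
        key = (e["host"], e["user"])
        if e["outcome"] == "failure":
            failures[key] = failures.get(key, 0) + 1
        elif e["outcome"] == "success":
            if failures.get(key, 0) >= FAILURE_THRESHOLD:
                hits.append((e["ts"], e["user"], e["host"]))
            failures[key] = 0
    return hits


RULES: List[Detection] = [
    Detection("DET-0001", "Mimikatz image executed", "signature",
              ("T1003",), sig_mimikatz),
    Detection("DET-0002", "Office application spawned shell", "behavioral",
              ("T1566.001", "T1059.001"), beh_office_spawns_shell),
    Detection("DET-0003", "Failed logons followed by success", "behavioral",
              ("T1110", "T1078"), beh_bruteforce_then_success),
]

# Assumed priority list, as a threat model or purple-team exercise might produce.
PRIORITY_TECHNIQUES = ["T1003", "T1059.001", "T1566.001",
                       "T1110", "T1078", "T1021.001"]


def run_detections(events: List[Dict], rules: List[Detection] = RULES) -> List[Dict]:
    """Run every rule over the event set and return alerts ordered by time."""
    alerts = []
    for rule in rules:
        for ts, user, host in rule.evaluate(events):
            alerts.append({"rule": rule.id, "name": rule.name, "kind": rule.kind,
                           "ts": ts, "user": user, "host": host,
                           "techniques": rule.techniques})
    return sorted(alerts, key=lambda a: a["ts"])


def attack_coverage(rules: List[Detection], in_scope: List[str]) -> Dict:
    """Which in-scope ATT&CK techniques have at least one rule, and which do not."""
    tagged = {t for r in rules for t in r.techniques}
    covered = sorted(set(in_scope) & tagged)
    uncovered = sorted(set(in_scope) - tagged)
    return {"covered": covered, "uncovered": uncovered,
            "ratio": len(covered) / len(in_scope) if in_scope else 0.0}


if __name__ == "__main__":
    for a in run_detections(SAMPLE_EVENTS):
        print(f"{a['ts']:>3} {a['rule']} [{a['kind']}] {a['user']}@{a['host']} {a['techniques']}")
    print(attack_coverage(RULES, PRIORITY_TECHNIQUES))
```

Against the constructed events, the Office-spawns-shell rule fires on the first event but not on the second (explorer.exe parent), the signature rule fires on the third, and the brute-force rule fires only once the third failure is followed by a success; the coverage report shows T1021.001 as the one priority technique with no rule. Keeping technique tags on the rule object, rather than in a separate spreadsheet, is what lets the coverage number be regenerated from the same repository the detections are deployed from.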

About you:

  • Previous experience with a detection engineering, threat detection, or detection operations team

  • Extensive experience in SQL

  • Strong understanding of attacker TTPs, red team methodologies, and translating offensive security insights into detections

  • Excellent analytical, communication, and leadership skills

  • Must be able to perform root cause analysis independently or collaboratively with the team

  • Customer service and stakeholder engagement skills

  • Strong decision-making and strategic thinking in threat detection

Basic Qualifications:

  • High School Diploma, GED, or equivalent certification

  • At least 3 years of experience in Information Technology or Cyber Security

  • At least 2 years of experience with host, cloud, application or network logs

  • At least 2 years of experience developing alerts for threat detection

Preferred Qualifications:

  • Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, or a similar program

  • 4+ years of experience in Threat Detection, Threat Hunting, or Security Engineering

  • 4+ years of experience with data science

  • 4+ years of experience with Python

  • 2+ years of pentesting or offensive security experience

  • 1+ years of experience publishing code to GitHub

  • GCIA, GCIH, CISSP, GMON, GREM, GCTD, MLE, or Cloud (GCP, AWS) certifications

McLean, VA: $158,600 - $181,000 for Principal Associate, Cyber Technical

Richmond, VA: $144,200 - $164,600 for Principal Associate, Cyber Technical

This role is also eligible to earn performance-based incentive compensation, which may include cash bonus(es) and/or long-term incentives (LTI). Incentives could be discretionary or non-discretionary depending on the plan.

Eligibility varies based on full- or part-time status, exempt or non-exempt status, and management level.

If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation, please contact Capital One Recruiting at 1-800-304-9102 or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.