Receive alerts when this company posts new jobs.
Info Security Engineer 4
at Wells Fargo
At Wells Fargo, we want to satisfy our customers’ financial needs and help them succeed financially. We’re looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you’ll feel valued and inspired to contribute your unique skills and experience.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Wells Fargo Technology sets IT strategy; enhances the design, development, and operations of our systems; optimizes the Wells Fargo infrastructure footprint; provides information security; and enables continuous banking access through in-store, online, ATM, and other channels to Wells Fargo’s more than 70 million global customers.
Enterprise Information Security within Wells Fargo is seeking an Info Security Engineer to support application security for all of Wells Fargo applications. Based on Wells Fargo’s interpretation of Federal Financial Institutions Examination Council (FFIEC) regulatory guidance pertaining to Internet banking, one of the controls introduced by Wells Fargo is an annual security assessment of high- and medium-risk Internet-facing applications. In this role, you will work with software development partners to identify and mitigate the security vulnerabilities in the applications identified through FFIEC Compliance Testing. Communication with the business security team, information security officers (ISOs), enterprise security group, and development technology partners is critical in this role. You will also act as an application security SME for the development and security communities within Wells Fargo.
FFIEC Testing Responsibilities
- Meet with application team to collect information and determine scope of testing
- Install, configure, use and maintain scanning and testing tools
- Manually verify security vulnerabilities identified by automated tools
- Perform manual testing to supplement results of automated scanning and testing tools
- Provide status and resolve issues that impact testing as required
- Document identified security vulnerabilities and related matters in a clear, concise and timely manner
- Meet with the application teams to review, describe and explain identified security vulnerabilities and possible remediation
- Retest application updates or deployed remediation logic to verify resolution of security vulnerabilities
- Update documentation as required
- Maintain electronic or paper trail of testing activity for audit purposes
- Maintain confidentiality of authentication credentials, sensitive application information and test results before, during and after completion of compliance testing and/or retesting
The Info Security Engineer will additionally be responsible for:
- Providing adhoc penetration testing as necessary
- Providing application security consulting SME Support to developers
- Providing for root cause analysis and incident management investigation
- Providing security training as required
- Stay up to speed on 3rd party (inside and outside Wells Fargo) known security vulnerabilities
- Develop and review malicious use cases/threat models
- Maintain a broad understanding of security technologies and products
- Actively participate on improving the security culture and education throughout the organization.
All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.
Relevant military experience is considered for veterans and transitioning service men and women.
Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.