Receive alerts when this company posts new jobs.
Info Security Engineer 5
at Wells Fargo
At Wells Fargo, we have one goal: to satisfy our customers’ financial needs and help them achieve their dreams. We’re looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you’ll feel valued and inspired to contribute your unique skills and experience.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Enterprise Finance & Information Technology offers technology and services that exceed Wells Fargo customers’ expectations and directly enable them to succeed financially. We interact with customers more than 12 billion times a year through in-store, online, ATM, and telephone transactions. We impact customers directly, through systems availability and security, as well as indirectly, through our business partners who offer and deliver a myriad of products and services that meet customers’ financial needs. We provide a competitive advantage for the company through excellence in fundamentals, integrated partnerships, and our talented and engaged team members.
Enterprise Information Security within Wells Fargo is seeking a Senior Info Security Engineer to support application security for Wells Fargo. In this role, you will work with software development partners to identify and mitigate the security vulnerabilities in the applications identified through Dynamic Application Security Testing (DAST). Communication with the business security team, information security consultants (ISCs), application security champions (ASCs), operation risk consultants (ORCs), enterprise security group, and development technology partners is critical in this role. You will also act as an application security SME for the development and security communities within Wells Fargo.
The Info Security Engineer will:
- Conduct dynamic application security testing using both manual and automated testing tools.
- Review test results from tools
- Ensure that automated tests are completed successfully
- Configure tools as required to be successful in evaluating applications
- Identify and remove any false positives from automated testing tool reports
- Triage & Disposition results and enforce a Bug Bar
- Verify/validate defect fixes
- Provide ad hoc penetration testing as necessary for defects/issues identified by the industry
- Provide application security consulting SME support to developers
- Assist developers with understanding of security defects and risk
- Assist in defining acceptable solution to fix defects
- Communicate Security risk to ISCs and ASCs to document security issues and controls for security planning purposes
- Assist with root cause analysis and incident management investigation as needed
- Help maintain Security Coding Standards and Bug Bar as required
- Assist in the Development of standards as required
- Provide training to less experienced testers as required
- Stay up to speed on 3rd party (inside and outside Wells Fargo) known security vulnerabilities
- Develop and review malicious use cases/threat models
- Maintain a broad understanding of security technologies and products
- Actively participate on improving the security culture and education throughout the organization
All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.
Relevant military experience is considered for veterans and transitioning service men and women.
Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.