Charlotte, NC
Info Security Engineer 3
At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Wells Fargo Technology sets IT strategy; enhances the design, development, and operations of our systems; optimizes the Wells Fargo infrastructure footprint; provides information security; and enables continuous banking access through in-store, online, ATM, and other channels to Wells Fargo's more than 70 million global customers.
Wells Fargo Bank N.A. seeks an Info Security Engineer 3 in Charlotte, NC.
Job Role and Responsibility :
Wells Fargo Bank, N.A., Technology Group is hiring an Info Security Engineer 3 to conduct dynamic application security testing against applications deployed in a cloud environment using both manual and automated testing tools. Review test results from tools and ensure that automated tests are completed successfully. Configure tools as required to be successful in evaluating cloud-based applications. Identify and remove any false positives from automated testing tool reports. Triage and disposition results and enforce a bug bar. Verify/validate defect fixes. Provide application security consulting subject matter expert support to developers. Test results will be further reviewed with software development partners to mitigate the security vulnerabilities in the applications. Assist developers with understanding of security defects and risk. Assist in defining acceptable solution to fix defects. Communicate and document security risks, issues and controls for security planning purposes with the business security team, information security consultants, operation risk consultants, enterprise security group, cloud partner, and development technology partners. Help maintain security coding standards and bug bar as required. Assist in the development of standards as required. Provide training. Stay up to speed on third party (internal and external) known security vulnerabilities. Develop and review malicious use cases/threat models. Maintain a broad understanding of security technologies and products. Act as an application subject matter expert (SME) for the development and security communities within Wells Fargo. Actively participate on improving the security culture and education throughout the organization.
Travel required: None
Required Qualifications :
Bachelor's degree in Computer Science, Engineering or a related technical field. Foreign degree equivalent accepted. Must have four (4) years of experience in the job offered or Information Security and Penetration Testing experience with applications, networks, systems, and other information assets.
Specific skills required:
We Value Diversity
At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.
Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Wells Fargo Technology sets IT strategy; enhances the design, development, and operations of our systems; optimizes the Wells Fargo infrastructure footprint; provides information security; and enables continuous banking access through in-store, online, ATM, and other channels to Wells Fargo's more than 70 million global customers.
Wells Fargo Bank N.A. seeks an Info Security Engineer 3 in Charlotte, NC.
Job Role and Responsibility :
Wells Fargo Bank, N.A., Technology Group is hiring an Info Security Engineer 3 to conduct dynamic application security testing against applications deployed in a cloud environment using both manual and automated testing tools. Review test results from tools and ensure that automated tests are completed successfully. Configure tools as required to be successful in evaluating cloud-based applications. Identify and remove any false positives from automated testing tool reports. Triage and disposition results and enforce a bug bar. Verify/validate defect fixes. Provide application security consulting subject matter expert support to developers. Test results will be further reviewed with software development partners to mitigate the security vulnerabilities in the applications. Assist developers with understanding of security defects and risk. Assist in defining acceptable solution to fix defects. Communicate and document security risks, issues and controls for security planning purposes with the business security team, information security consultants, operation risk consultants, enterprise security group, cloud partner, and development technology partners. Help maintain security coding standards and bug bar as required. Assist in the development of standards as required. Provide training. Stay up to speed on third party (internal and external) known security vulnerabilities. Develop and review malicious use cases/threat models. Maintain a broad understanding of security technologies and products. Act as an application subject matter expert (SME) for the development and security communities within Wells Fargo. Actively participate on improving the security culture and education throughout the organization.
Travel required: None
Required Qualifications :
Bachelor's degree in Computer Science, Engineering or a related technical field. Foreign degree equivalent accepted. Must have four (4) years of experience in the job offered or Information Security and Penetration Testing experience with applications, networks, systems, and other information assets.
Specific skills required:
- Experience performing web application penetration testing using IBM AppScan HP WebInspect, SQLMap and BurpSuite Pro
- Experience with Open Web Application Security Project (OWASP) and vulnerability knowledge required to understand the output of the tools
- Experience with penetration testing of a variety of internet facing applications and web service
- Experience conveying testing results to application teams including report writing and follow-up discussions
- Experience with validation of findings from the tools to disposition true findings from false positives as well as to directly assign severity ratings, create reports conveying the vulnerabilities identified, and work with developers to review the findings and remediation options
- Experience with several different vulnerabilities and assessments to identify those vulnerabilities including Sql Injection, XSS, and script injection
- Knowledge and understanding of the Software Development Life Cycle (SDLC) relative to ensuring security controls are enabled and working correctly to perform application penetration testing
- Knowledge of application design and attack surface for application penetration testing
We Value Diversity
At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.
Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.
Recommended Skills
- Application Design
- Application Security
- Appscan
- Assessments
- Burpsuite
- Computer Security
Browse other jobs