1+ months
2018-03-17 2018-05-25

Cyber Security Research Scientist 2 - DAST

San Francisco, CA
  • Job Code
    5395205-3
Job Description

At Wells Fargo, we have one goal: to satisfy our customers' financial needs and help them achieve their dreams. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience.

Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

Corporate Risk helps all Wells Fargo businesses identify and manage risk. We focus on three key risk areas: credit risk, operational risk and market risk. We help our management and Board of Directors identify and monitor risks that may affect multiple lines of business, and take appropriate action when business activities exceed the risk tolerance of the company.

Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.

Enterprise Information Security's (EIS) vision is to provide Wells Fargo world-leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo's infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.

Enterprise Information Security within Wells Fargo is seeking a Cyber Security Research Scientist to support application security for all of Wells Fargo's applications. Based on Wells Fargo's interpretation of Federal Financial Institutions Examination Council (FFIEC) regulatory guidance pertaining to Internet banking, one of the controls introduced by Wells Fargo is an annual security assessment of high- and medium-risk Internet-facing applications. In this role, you will work with software development partners to identify and mitigate the security vulnerabilities in the applications identified through FFIEC Compliance Testing. Communication with the business security team, information security officers (ISOs), enterprise security group, and development technology partners is critical in this role. You will also act as an application security SME for the development and security communities within Wells Fargo.

DAST Testing Responsibilities

  • Perform Web Application Penetration testing
  • Meet with application team to collect information and determine scope of testing
  • Install, configure, use and maintain scanning and testing tools
  • Manually verify security vulnerabilities identified by automated tools
  • Perform manual testing to supplement results of automated scanning and testing tools
  • Provide status and resolve issues that impact testing as required
  • Document identified security vulnerabilities and related matters in a clear, concise and timely manner
  • Meet with the application teams to review, describe and explain identified security vulnerabilities and possible remediation
  • Retest application updates or deployed remediation logic to verify resolution of security vulnerabilities
  • Update documentation as required
  • Maintain electronic or paper trail of testing activity for audit purposes
  • Maintain confidentiality of authentication credentials, sensitive application information and test results before, during and after completion of testing and/or retesting

    The Info Security Engineer will additionally be responsible for:

  • Providing ad hoc penetration testing as necessary
  • Providing application security consulting SME Support to developers
  • Providing for root cause analysis and incident management investigation
  • Providing security training as required
  • Stay up to speed on 3rd party (inside and outside Wells Fargo) known security vulnerabilities
  • Develop and review malicious use cases/threat models
  • Maintain a broad understanding of security technologies and products
  • Actively participate on improving the security culture and education throughout the organization.

    A Successful Candidate Will Possess the Following:

  • Demonstrated detail-oriented self-starter with the ability to work independently with limited supervision and limited direction, and in collaborative team environments
  • The ability to provide support after normal business hours as needed
  • A strong ability to multi-task and manage varying priorities and projects
  • Demonstrated excellent written and oral communication skills
    Required Qualifications

  • 3+ years of information security experience in converged testing (red teaming)
  • 1+ year of experience in network, social, and physical domains
  • 3+ years of experience in one or a combination of the following: creating proof of concepts, creating exploits, or reverse engineering
  • 7+ years of DAST (Dynamic Application Security Testing) experience
  • 3+ years of mobile testing experience

    Desired Qualifications

  • Advanced Information Security technical skills
  • Proficient in working with systems, networks, and application vulnerability testing
  • Ability to manage complex security scenarios and develop innovative solutions to address the most recent cyber threats
  • 9+ years of information security experience
  • Knowledge and understanding of banking or financial services industry
  • Experience working in a large enterprise environment
  • Strong analytical skills with high attention to detail and accuracy
  • Knowledge and understanding of information security industry standards and government regulations
  • Ability to manage multiple and competing priorities
  • Ability to work with limited supervision
  • Ability to take on a high level of responsibility, initiative, and accountability
  • Good attention to detail and accuracy skills
  • Strong collaboration and partnering skills

    Other Desired Qualifications
  • 7+ years of automated information security penetration tools experience
  • 2+ forensic experience
    Disclaimer

    All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

    Relevant military experience is considered for veterans and transitioning service men and women.
    Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.
