14 days old

Info Security Engineer 3 - Automated Dynamic Application Security Tester

Minneapolis, MN
  • Job Code
    5361171-1
Job Description

ENTERPRISE INFORMATION SECURITY:

Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.

Enterprise Information Securitys (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargos infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.

Enterprise Information Security within Wells Fargo is seeking an Info Security Engineer to support application security for all of Wells Fargo applications. In this role, you will work with software development partners to identify and mitigate the security vulnerabilities in the applications identified through Automated Dynamic Application Security Testing (ADAST). Communication with the business security team, information security consultants (ISCs), operation risk consultants (ORCs), enterprise security group, and development technology partners is critical in this role. You will also act as an application security SME for the development and security communities within Wells Fargo.

The Info Security Engineer will:

  • Conduct automated dynamic application security testing using automated testing tools
  • Review test results from tools
  • Ensure that automated tests are completed successfully
  • Identify and remove any false positives from automated testing tool reports
  • Triage & Disposition results and enforce a Bug Bar
  • Verify/validate defect fixes
  • Provide application security consulting SME Support to developers
  • Assist developers with understanding of security defects and risk
  • Assist in defining acceptable solution to fix defects
  • Communicate and document security risks, issues and controls for security planning purposes with line of business liaisons Help maintain Security Coding Standards and Bug Bar as required
  • Assist in the Development of standards as required
  • Provide training
  • Stay up to speed on 3rd party (inside and outside Wells Fargo) known security vulnerabilities
  • Develop and review malicious use cases/threat models
  • Maintain a broad understanding of security technologies and products
  • Actively participate on improving the security culture and education throughout the organization


Required Qualifications

  • 3+ years of information security applications and systems experience
  • 1+ years of experience managing application security vulnerabilities as a developer, a system administrator, or an application systems engineer or 1+ years of experience in a role coordinating the test results of vulnerabilities



Desired Qualifications

  • Advanced Information Security technical skills
  • Ability to manage complex issues and develop solutions
  • Excellent verbal and written communication skills
  • 1+ year of DAST (Dynamic Application Security Testing) experience
  • Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysis
  • Knowledge and understanding of banking or financial services industry
  • Experience working in a large enterprise environment
  • Strong analytical skills with high attention to detail and accuracy
  • Knowledge and understanding of information security industry standards and government regulations
  • Ability to manage multiple and competing priorities
  • Ability to work with limited supervision
  • Ability to take on a high level of responsibility, initiative, and accountability
  • Good attention to detail and accuracy skills
  • Strong collaboration and partnering skills



Other Desired Qualifications
  • Demonstrated experience with automated dynamic application security testing using automated testing tools
  • Demonstrated experience developing and reviewing malicious use cases/threat models




Disclaimer


All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.



Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.

Advertisement

Categories

  • Engineering
  • Financial Services
  • Government
  • Security / Protective Services
  • Legal

Featured Jobs

Career News

Share this job:

Info Security Engineer 3 - Automated Dynamic Application Security Tester

Wells Fargo
Minneapolis, MN

Share this job

Info Security Engineer 3 - Automated Dynamic Application Security Tester

Wells Fargo
Minneapolis, MN
US

Separate email addresses with commas

Enter valid email address for sender.

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast