23 days old

Info Security Engineer 5

Minneapolis, MN 55415
  • Job Code
Job Description

Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your current resume when submitting your application for consideration. To participate in some selection activities you will need to respond to an invitation. The invitation can be sent by both email and text message. In order to receive text message invitations, your profile must include a mobile phone number designated as Personal Cell or Cellular in the contact information of your application.

At Wells Fargo, we want to satisfy our customers financial needs and help them succeed financially. Were looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where youll feel valued and inspired to contribute your unique skills and experience.

Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

Wells Fargo Technology sets IT strategy; enhances the design, development, and operations of our systems; optimizes the Wells Fargo infrastructure footprint; provides information security; and enables continuous banking access through in-store, online, ATM, and other channels to Wells Fargos more than 70 million global customers.

The Enterprise Password Services (EPS) team in Enterprise Information Security (EIS) is looking for an experienced, well rounded, senior Information Security Engineer.

The EPS team is responsible for securely managing passwords for myriad applications and authentication systems of record throughout Wells Fargo. User passwords are managed by the Automated Password Service, an adaptation of the Hitachi ID Password Manager product. Privileged and service accounts are managed by the CyberArk Enterprise Password Vault. Additionally the team manages the in-house developed Secure One-Time Authentication application for out-of-band, auditable team-member-to-team-member authentication.

The EPS team supports Wells Fargo's password management needs, developing secure solutions for integrating the above third party password management products with the applications and authentication systems of record in use at Wells Fargo. This includes but is not limited to: Active Directory/LDAP, Oracle/SQL Server and other database systems, mainframe terminal applications, SSH connections and applications with RESTful or SOAP APIs. Integration solutions may involve various languages as necessary: C, C++, C#, .Net, Python, Perl, PowerShell, JavaScript, PHP, and SQL. Projects may also require experience with web technologies such as CSS, HTML and frameworks such as jQuery, Bootstrap, React.

This position will support the development of secure solutions that align with the broader EPS team objectives and requirements. The position may also provide leadership, mentoring and direction for less experienced EPS developers and engineers. The successful candidate must be comfortable working on multiple dynamic projects simultaneously.

Responsibilities will include but are not limited to:
Identifying, formulating and helping to implement complex information security tools, solutions and controls.
Acting as a lead in providing guidance and consultation for secure application design, utilizing a thorough understanding of applicable technology, tools and existing designs.
Analyzing highly complex business requirements, designing and writing technical specifications to design or redesign complex computer platforms and applications.
Verifying program logic by writing test plans and overseeing the preparation of test data, testing and debugging of programs.
Performing security peer reviews prior to code deployments.
Overseeing overall systems testing and the migration of applications to production.
Assuring quality, security and compliance requirements are met for supported area and overseeing creation of or updates to and testing of the business continuation plan.
Developing and reviewing malicious use cases/threat models.
Providing ad hoc penetration testing as necessary.
Investigating and potentially implementing fixes for security vulnerabilities.
Maintaining a broad understanding of security technologies and products.
Staying up to speed on third party (inside and outside Wells Fargo) known security vulnerabilities.
Actively participating in improving the security culture and education throughout the organization.

Due to the sensitive nature of our area of focus, a strong background in security-focused software development best practices (e.g. avoiding XSS vulnerabilities, preventing buffer overflows, using CSRF tokens, avoiding SQL injection) and experience with secure Systems Development Life Cycle (SDLC) practices, particularly with source code management and deployment, are important.

**Willing to consider all approved technical hub locations for Wells Fargo.**

Required Qualifications

7+ years of information security applications and systems experience7+ years of information security experience3+ years of relational database experience3+ years of experience working in a large enterprise network organization5 + years of web application development experience7+ years of application development experience

Desired Qualifications

Advanced Information Security technical skills and understanding of information security practices and policiesAbility to manage complex issues and develop solutionsExcellent verbal and written communication skillsExperience working in a large enterprise environmentAbility to identify and manage complex issues and negotiate solutions within a geographically dispersed organizationAbility to manage multiple and competing prioritiesAbility to take on a high level of responsibility, initiative, and accountabilityAbility to work with limited supervisionGood analytical skills with high attention to detail and accuracyKnowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysisKnowledge and understanding of cryptography and key managementKnowledge and understanding of leveraging and administering digital certificates, and keys for authentication and encryption Knowledge and understanding of security issues and hardening best practicesKnowledge and understanding of security policies and standardsKnowledge and understanding of security technologies and concepts including identity management, single sign on, directory services, role based access control, cryptographic algorithms, mutual authentication and certificate managementKnowledge and understanding of technology object oriented: programming: C++, JavaScript, or JavaKnowledge and understanding of threat analysis and assessment of potential and current information security risk/threatsStrong collaboration and partnering skillsWeb application security vulnerability detection and mitigation experienceExperience articulating issues, risks, and proposed solutions to various levels of staff and managementKnowledge and understanding of secure solutions within the financial services industryAbility to discuss information security risks at a detailed technical levelKnowledge and understanding of Python, Ruby, PowerShell, and Shell scripting

Other Desired Qualifications

CISSP or equivalent certification
Experience with Hitachi ID Password Manager
Experience with CyberArk Enterprise Password Vault suite
Multiple OS support experience (Windows, Linux)
Familiarity with networking protocols (HTTP, TLS, LDAP, TCP)
3+ years of JavaScript development experience
3+ years of .Net development experience
3+ years of PowerShell development experience
3+ years of Python development experience
3+ years of PHP development experience
Application security vulnerability detection and mitigation experience with Open Web Application Security Project (OWASP) Top 10 and SANS Common Weakness Enumeration Top 25

Street Address

AZ-PHX-Northwest Phoenix: 2222 W Rose Garden Ln - Phoenix, AZAZ-PHX-Central Phoenix: 100 W Washington St - Phoenix, AZCA-SF-Financial District: 333 Market St - San Francisco, CACA-SF-Financial District: 420 Montgomery - San Francisco, CAIA-West Des Moines: 800 S Jordan Creek Pkwy - West Des Moines, IAIL-Chicago: 10 S Wacker Drive - Chicago, ILMA-Boston: 125 High Street - Boston, MAMN-Minneapolis: 255 2nd Ave S - Minneapolis, MNMN-Minneapolis: 600 S 4th St - Minneapolis, MNMN-Minneapolis: 425 E Hennepin Ave - Minneapolis, MNMO-Saint Louis: 1 N Jefferson Ave - Saint Louis, MONC-Raleigh: 1100 Corporate Center Dr - Raleigh, NCTX-DAL-Downtown Dallas: 1445 Ross Ave - Dallas, TXNY-New York: 150 E 42nd St - New York, NYPA-Philadelphia: 101 N Independence Mall E - Philadelphia, PA


All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

Relevant military experience is considered for veterans and transitioning service men and women.
Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.



Posted: 2020-06-13 Expires: 2020-07-13

Featured Jobs

Sponsored by:
ADP Logo

Career News

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Info Security Engineer 5

Wells Fargo
Minneapolis, MN 55415

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast