14 days old

Info Security Engineer 5

Plano, TX 75074
  • Job Code
Job Description

Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your current resume prior to submitting your application for consideration. To participate in some selection activities you will need to respond to an invitation. The invitation can be sent by both email and text message. In order to receive text message invitations, your profile must include a mobile phone number designated as Personal Cell or Cellular in the contact information of your application.

At Wells Fargo, we want to satisfy our customers financial needs and help them succeed financially. Were looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where youll feel valued and inspired to contribute your unique skills and experience.

Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

Wells Fargo Technology sets IT strategy; enhances the design, development, and operations of our systems; optimizes the Wells Fargo infrastructure footprint; provides information security; and enables continuous banking access through in-store, online, ATM, and other channels to Wells Fargos more than 70 million global customers.

The EIS Security Code Review (SCR) team provides application vulnerability and risk identification for many of the critical applications used by Wells Fargo, from an automated and manual static analysis (code level) perspective.

Within the Cyber Security Defense and Monitoring (CSD&M) organization, this Information Security Engineer position will serve as a high level technical security resource. The new team member will conduct automated source code level assessment to identify security vulnerabilities and ensure compliance with corporate security policies and adherence to best practices. This is an exciting opportunity to be part of a growing team of niche, high performance security talent, while leveraging mature security code review processes, that will be responsible for the assessment of code level security issues for public facing applications, internally hosted and vendor hosted, supporting local, vendor-integrated, and remote review capabilities.

Reviews encompass a vast assortment of language technologies that vary between reviews, with the majority split between both Microsoft and Java-based technologies spanning mobile applications, classic web applications/portals, newer innovation applications and more. While working to your strengths in reviews aligned to your own unique core technology background, you will have supported opportunity to learn new technologies and gain new skills. In fact, professional development is one of the core work objectives for each SCR team member, where enhancing current and building new capabilities are favorable traits and encouraged.

This position will report directly to the Security Code Review Leader within Cyber Threat Management (CTM), and will be working with a high performance team of security engineers focused on driving success of manual and automated security review capabilities within the SCR Team that operates as part of CTM within EIS CSD&M. This is an exciting opportunity as Wells Fargo continues to improve and expand our core capabilities in application vulnerability detection, risk identification and reporting.

Accountabilities include, but are not limited to:

Build applications and execute SAST tools such as Fortify and Checkmarx for static analysis, supporting multiple technologies including Java, .Net, iOS, Android, and more; Continually learn and grow ability to support additional technologies; Support scanning tool upgrades, testing of new releases and troubleshooting of production issues relative to processes; Mentor newer or more junior team members both within the US and international and support other engineers with complex scenarios and applications; Manage the review queue for the SCR-Triage processes, manage engineer assignments and respond to questions and inquiries related to ongoing projects; Document and/or update process documentation for team members as well as external stakeholders; Collaborate with Wells Fargo business partners who are stakeholders in the code review process; Participate in or conduct presentations to the broader Wells Fargo community; Participate in strategy planning and/or new initiatives that work to continually advance the team's capabilities.

Team members are spread across several locations, with the majority of the team working remotely. We focus on hiring the best talent regardless of the location. We dont expect you to join us and hit the ground running. We take what we do seriously, and expect to train you on our processes with a learning curve that will take several months to master fully. We believe in diversity. Your opinions matter to us, opening discussion forums to the opinions of all team members so that we can uniformly make strategic and operational improvements that consider all sides or inviting you to opt-in to specialized team or department level working groups that assess unique and diverse topics in code level security that will help to optimize vulnerability detection, how we assess risk, and consider appropriate safeguards.

If this sounds like a position that interests you, apply today. Wed like to understand your capabilities, background, and opinions on application security.

Required Qualifications

7+ years of information security applications and systems experience5+ years of .Net or Java experience or a combination of both3+ years of SAST (Static Analysis Software Testing) experience3+ years of Fortify Code Analyzer experience

Desired Qualifications

Advanced Information Security technical skills and understanding of information security practices and policiesAbility to manage complex issues and develop solutionsExcellent verbal and written communication skillsKnowledge and understanding of technology testing: web-based applications developed in Java or .net frameworkKnowledge and understanding of design and development of modern web applications and mobile technologiesAbility to execute in a fast paced, high demand, environment while balancing multiple prioritiesAbility to articulate issues, risks, and proposed solutions to various levels of staff and managementAbility to translate and present complex technical data across technical and non-technical groups3+ years of ANT or Maven experienceKnowledge and understanding of C++3+ years of MS Visual Studio experience

Other Desired Qualifications Experience with, or understanding of, AJAX and web services Experience with server-side JavaScript Experience with Salesforce Apex Experience writing rules for SAST tools like MicroFocus Fortify and Checkmarx Involved in local security groups, such as OWASP local Chapters Developer Certifications (examples include SCWCD, SCJP, SCJD, SCJA, MCSD, etc.) Understanding of SSL/TLS and Cryptography (symmetric and asymmetric encryption, PKI, etc.) Ability to handle difficult situations and to provide alternative solutions or workarounds Flexible and creative in helping to find acceptable solutions CISSP, CSSLP, GSSP, or comparable security certification Ability to comprehend large, complex applications written by others from reading source code Knowledge of risk assessment methodologies and frameworks and how to apply them to diverse applications. Ability to stay current with emerging technologies and industry trendsJob Expectations

Ability to travel up to 10% of the time


All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

Relevant military experience is considered for veterans and transitioning service men and women.
Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.



Posted: 2020-02-13 Expires: 2020-03-14

Featured Jobs

Career News

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Info Security Engineer 5

Wells Fargo
Plano, TX 75074

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast