Sign In
 [New User? Sign Up]
Mobile Version

Info Security Engineer 6

Wells Fargo


Location:
Minneapolis, MN
Date:
09/07/2017
2017-09-072017-10-07
Job Code:
5354346-1
Categories:
  • Engineering
  • Legal
  •  
  • Save Ad
  • Email Friend
  • Print
  • Research Salary

Job Details

Job Description

The EIS Security Code Review (SCR) team provides application vulnerability and risk identification for many of the critical applications used by Wells Fargo, from an automated and manual static analysis (code level) perspective.

Within the Cyber Security Defense and Monitoring (CSD&M) organization, this Information Security Engineer position is a lead role and will support the technology and reporting aspects of the SCR Infrastructure, Technology & Reporting (IT&R) team. SCR IT&R works as the backbone and key support and reporting structure to Wells Fargo critical security code review processes. The SCR IT&R team manages infrastructure, review automation, data repositories, review workflow platforms, reporting platforms and more that support the security review, review workflow and risk reporting of over 150 million lines of code annually. In addition to independent core systems, workflow integrations exist in certain SCR workflow and reporting platforms with non-SCR core central systems of record. SCR IT&R provides core capabilities for review of 800 critical applications, over 150 million lines of code, internally hosted and vendor hosted applications, supporting local, vendor-integrated, and remote review capabilities.

The SCR IT&R capabilities encompass over 40 servers with both Microsoft and Java-based technologies, 7 core applications, 2 databases (SQL Server and Oracle), with an evolving architecture expected to support security code review services that demonstrate continuous annual growth. This technology framework is set to positively enable and support the Wells Fargo SCR application security review roadmap.

This position will require a strong technical, programming, and database background. The selected candidate will participate in development and maintenance of applications and reports. They should possess excellent interpersonal communication skills as they will act as lead, ensuring that standard processes and procedures are implemented and followed in SCR platforms and technology, working with infrastructure, technology and reporting team members to follow SCR compliance to best practices, standards and security requirements, and participates in all aspects of application analysis, design, development, implementation and maintenance. As a lead, this role will provide guidance, assign tasks, and track progress of concurrent projects.



Required Qualifications

  • 10+ years of information security applications and systems experience
  • 3+ years of MS SQL server experience
  • 3+ years of web applications experience
  • 3+ years of change management experience
  • 3+ years application security vulnerability detection and mitigation experience with Open Web Application Security Project (OWASP) Top 10 and SANS Common Weakness Enumeration Top 25
  • 1+ year of leadership experience



Desired Qualifications

  • Expert knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices
  • Ability to manage highly complex issues and negotiate solutions
  • Excellent verbal and written communication skills
  • Ability to interact and communicate effectively with all levels of an organization; including at the executive level
  • SAST (Static Analysis Software Testing) experience
  • 3+ years of business continuity planning experience
  • 2+ years of SharePoint experience
  • 1+ year of Oracle experience
  • Middleware experience
  • Knowledge and understanding of PAC2000
  • Ability to identify and manage complex issues and negotiate solutions within a geographically dispersed organization
  • Ability to direct and oversee escalated technical troubleshooting and complex analysis efforts for prompt recovery of major issues
  • Experience securing IaaS/PaaS private cloud or DevOps environments
  • Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysis
  • Ability to translate and present complex technical data across technical and non-technical groups
  • Ability to translate and summarize complex data into understandable, actionable information and recommendations
  • Ability to positively influence, motivate, and direct diverse teams in a shift based, decentralized, and geographically dispersed environment



Other Desired Qualifications
  • Advanced Information Security technical skills and understanding of information security practices and policies
  • Understands application security as it relates to development, infrastructure, data classifications, policy, etc.
  • Understands security code review and can assess and recommend areas for technological improvement including changes to software, tools, processes, etc.
  • In-depth knowledge and understanding of web applications, including various languages and frameworks (i.e. Java, ASP.NET, C++, C#, Struts, Spring MVC, .Net MVC, etc.).
  • Experience with, or understanding of, AJAX and web services
  • CISSP, CSSLP, GSSP, or comparable security certification
  • Experience with validation processes (application validation, service account validation, etc.)
  • Knowledge of risk assessment methodologies and frameworks and how to apply them to diverse applications.
  • Ability to handle multiple complex assignments simultaneously
  • Experience working with technology vendors
  • Knowledge and understanding of SPARC (Security Planning & Assessment of Risks / Controls)
  • Ability to stay current with emerging technologies and industry trends
  • Ability to handle difficult situations and to provide alternative solutions or workarounds
  • Flexible and creative in helping to find acceptable solutions
  • Flexible to address incidents during evening and weekend hours as needed
  • Knowledge of and experience administering Atlassian Jira Software




Disclaimer


All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.



Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.

Advertisement
Powered By

Featured Jobs

Career News