17 days old

Information Security Engineer 5

Chandler, AZ 85225
  • Job Code
    5501587-2
Job Description

At Wells Fargo, we want to satisfy our customers financial needs and help them succeed financially. Were looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where youll feel valued and inspired to contribute your unique skills and experience.

Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

The Enterprise Password Services (EPS) team in Enterprise Information Security (EIS) is looking for an experienced, well rounded, senior Information Security Engineer.

Wells Fargo Technology sets IT strategy; enhances the design, development, and operations of our systems; optimizes the Wells Fargo infrastructure footprint; provides information security; and enables continuous banking access through in-store, online, ATM, and other channels to Wells Fargos more than 70 million global customers.

The EPS team is responsible for securely managing passwords for myriad applications and authentication systems of record throughout Wells Fargo. User passwords are managed by the Automated Password Service, an adaptation of the Hitachi ID Password Manager product. Privileged and service accounts are managed by the CyberArk Enterprise Password Vault. Additionally the team manages the in-house developed Secure One-Time Authentication application for out-of-band, auditable team-member-to-team-member authentication.

The EPS team supports Wells Fargo's password management needs, developing secure solutions for integrating the above third party password management products with the applications and authentication systems of record in use at Wells Fargo. This includes but is not limited to: Active Directory/LDAP, Oracle/SQL Server and other database systems, mainframe terminal applications, SSH connections and applications with RESTful or SOAP APIs. Integration solutions may involve various languages as necessary: C, C++, C#, .Net, Python, Perl, PowerShell, JavaScript, PHP, and SQL. Projects may also require experience with web technologies such as CSS, HTML and frameworks such as jQuery, Bootstrap, React.

This position will support the development of secure solutions that align with the broader EPS team objectives and requirements. The position may also provide leadership, mentoring and direction for less experienced EPS developers and engineers. The successful candidate must be comfortable working on multiple dynamic projects simultaneously.

Responsibilities will include but are not limited to:

Identifying, formulating and helping to implement complex information security tools, solutions and controls. Acting as a lead in providing guidance and consultation for secure application design, utilizing a thorough understanding of applicable technology, tools and existing designs. Analyzing highly complex business requirements, designing and writing technical specifications to design or redesign complex computer platforms and applications. Verifying program logic by writing test plans and overseeing the preparation of test data, testing and debugging of programs. Performing security peer reviews prior to code deployments. Overseeing overall systems testing and the migration of applications to production. Assuring quality, security and compliance requirements are met for supported area and overseeing creation of or updates to and testing of the business continuation plan. Developing and reviewing malicious use cases/threat models. Providing ad hoc penetration testing as necessary. Investigating and potentially implementing fixes for security vulnerabilities. Maintaining a broad understanding of security technologies and products. Staying up to speed on third party (inside and outside Wells Fargo) known security vulnerabilities. Actively participating in improving the security culture and education throughout the organization.

Due to the sensitive nature of our area of focus, a strong background in security-focused software development best practices (e.g. avoiding XSS vulnerabilities, preventing buffer overflows, using CSRF tokens, avoiding SQL injection) and experience with secure Systems Development Life Cycle (SDLC) practices, particularly with source code management and deployment, are important.

**Willing to consider all major hub locations for Wells Fargo including telecommute.**

Required Qualifications

7+ years of information security applications and systems experience7+ years of application development experience7+ years of information security experience5 + years of web application development experience3+ years of relational database experience3+ years of experience working in a large enterprise network organization

Desired Qualifications

Advanced Information Security technical skills and understanding of information security practices and policiesAbility to manage complex issues and develop solutionsExcellent verbal and written communication skillsWeb application security vulnerability detection and mitigation experienceKnowledge and understanding of threat analysis and assessment of potential and current information security risk/threatsAbility to discuss information security risks at a detailed technical levelExperience articulating issues, risks, and proposed solutions to various levels of staff and managementKnowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysisKnowledge and understanding of security issues and hardening best practicesKnowledge and understanding of security policies and standardsKnowledge and understanding of security technologies and concepts including identity management, single sign on, directory services, role based access control, cryptographic algorithms, mutual authentication and certificate managementKnowledge and understanding of secure solutions within the financial services industryKnowledge and understanding of cryptography and key managementKnowledge and understanding of leveraging and administering digital certificates, and keys for authentication and encryption Knowledge and understanding of technology object oriented: programming: C++, JavaScript, or JavaKnowledge and understanding of Python, Ruby, PowerShell, and Shell scriptingAbility to identify and manage complex issues and negotiate solutions within a geographically dispersed organizationExperience working in a large enterprise environmentGood analytical skills with high attention to detail and accuracyAbility to manage multiple and competing prioritiesAbility to work with limited supervisionAbility to take on a high level of responsibility, initiative, and accountabilityStrong collaboration and partnering skills

Other Desired Qualifications CISSP or equivalent certification Experience with Hitachi ID Password Manager Experience with CyberArk Enterprise Password Vault suite Multiple OS support experience (Windows, Linux) Familiarity with networking protocols (HTTP, TLS, LDAP, TCP) 3+ years of JavaScript development experience 3+ years of .Net development experience 3+ years of PowerShell development experience 3+ years of Python development experience 3+ years of PHP development experience Application security vulnerability detection and mitigation experience with Open Web Application Security Project (OWASP) Top 10 and SANS Common Weakness Enumeration Top 25Street Address

NC-Charlotte: 1525 W Wt Harris Blvd - Charlotte, NCMN-Shoreview: 1801 Parkview Dr - Shoreview, MNAZ-Chandler: 2600 S Price Rd - Chandler, AZ

Disclaimer

All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

Relevant military experience is considered for veterans and transitioning service men and women.
Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.

Advertisement

Categories

Posted: 2019-11-22 Expires: 2019-12-22

Featured Jobs

Career News

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Information Security Engineer 5

Wells Fargo
Chandler, AZ 85225

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast