2017-11-02 2017-12-02

Information Security Engineer 5 - Security Code Review Team

Allen, TX 75002
  • Job Code: 5367115-8
Job Description

Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.

Enterprise Information Security's (EIS) vision is to provide Wells Fargo world-leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo's infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.

Note: This position may sit at any core Wells Fargo location or telecommute

The Security Code Review (SCR) team is part of Wells Fargo Enterprise Information Security Cyber Security Defense and Monitoring organization that is responsible for identifying, documenting, and assessing Information Security risks within Wells Fargo critical applications. SCR is responsible for assessing risks present in public-facing (e.g. Internet, mobile, etc.) applications using a static methodology for deep-level security code analysis. The new team member will conduct source code level assessment to identify security vulnerabilities and ensure compliance with corporate security policies and adherence to best practices.

This role is a senior position on the Security Code Review team and will serve as a high-level technical security resource. Additional responsibilities may include, but are not limited to, definition of new security code review processes, update of current processes and/or resources, SCR infrastructure optimization, architectural-level analysis and design in SCR tools and technology, identification and communication of emergent vulnerabilities, building out new forms of security code review based on application criticality, and vetting of new security code review vendors to join the Approved SCR Vendor program. May direct or serve as a mentor to less experienced staff.

  • Strong Java/JEE development and/or .NET background
  • Demonstrated experience in web application security
  • Demonstrated attention to details
  • Demonstrated effective verbal and written communication skills
  • Self-motivated individual who thrives in a fast-paced, changing environment


Required Qualifications

  • 7+ years of information security applications and systems experience
  • 5+ years of J2EE experience or 5+ years of .NET experience
  • 1+ year of relational database experience
  • 3+ years of SAST (Static Analysis Software Testing) experience
  • 3+ years of static code review experience
  • 3+ years application security vulnerability detection and mitigation experience with Open Web Application Security Project (OWASP) Top 10 and SANS Common Weakness Enumeration Top 25



Desired Qualifications

  • Advanced Information Security technical skills and understanding of information security practices and policies
  • Ability to manage complex issues and develop solutions
  • Excellent verbal and written communication skills
  • Knowledge and understanding of technology testing: web-based applications developed in Java or the .NET framework
  • Knowledge and understanding of design and development of modern web applications and mobile technologies
  • Knowledge and understanding of technology testing: dynamic application or software assessments (web application penetration testing, web application vulnerability testing)
  • Ability to execute in a fast-paced, high-demand environment while balancing multiple priorities
  • Ability to organize and manage multiple priorities
  • Ability to articulate issues, risks, and proposed solutions to various levels of staff and management
  • Outstanding problem-solving skills
  • Strong negotiating skills
  • Ability to translate and present complex technical data across technical and non-technical groups



Other Desired Qualifications
  • Experience with, or understanding of, AJAX and web services
  • Experience writing rules for SAST tools like HP Fortify SCA and Checkmarx
  • Developer Certifications (examples include SCWCD, SCJP, SCJD, SCJA, MCSD, etc.)
  • Understanding of SSL/TLS and Cryptography (symmetric and asymmetric encryption, PKI, etc.)
  • Ability to handle difficult situations and to provide alternative solutions or workarounds
  • Flexible and creative in helping to find acceptable solutions
  • CISSP, CSSLP, GSSP, or comparable security certification
  • Ability to comprehend large, complex applications written by others from reading source code
  • Knowledge of risk assessment methodologies and frameworks and how to apply them to diverse applications
  • Ability to stay current with emerging technologies and industry trends




Disclaimer


All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.



Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.
