10 days old
2018-05-112018-06-10

Information Security Engineer 6

Chandler, AZ
  • Job Code
    5406814-4
Job Description

At Wells Fargo, we want to satisfy our customers financial needs and help them succeed financially. Were looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where youll feel valued and inspired to contribute your unique skills and experience.

Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you

Enterprise Finance & Information Technology offers technology and services that exceed Wells Fargo customers expectations and directly enable them to succeed financially. We interact with customers more than 12 billion times a year through in-store, online, ATM, and telephone transactions. We impact customers directly, through systems availability and security, as well as indirectly, through our business partners who offer and deliver a myriad of products and services that meet customers financial needs. We provide a competitive advantage for the company through excellence in fundamentals, integrated partnerships, and our talented and engaged team members.

Role Overview:

The Payments, Virtual Solutions, Innovation, & Community Banking (PVSI & CB) business group was created recently to leverage and build on our strengths to deliver compelling and game changing experiences for our customers. The launch of this business division brought together six lines of businesses: Consumer Credit Solutions, Deposit Products Group, Innovations, Operations, Treasury Management and Wells Fargo Virtual Channels. The PVSI & Community Banking (PVSI & CB) technology organization is focused on bringing together technology teams across the firm focused on delivering the next generation of payments capabilities, advancing digital offerings, enabling innovation to develop new customer experiences & products and enhancing branch, contact center & ATM technology.

The PVSI & CB groups play a critical role in enabling our business partners through technology solutions. The organizational models for these teams are designed to more effectively manage our portfolio of applications, govern enterprise IT, manage risk, simplify our technology offerings, and execute on our business partners priorities with enhanced time to market. The Business Services teams supporting these groups are a critical component of the EIT CIO (Enterprise Information Technology) operating model and are focused on providing business services to team members, support partners and Line of Business partners in conjunction with the Enterprise CIO Business Services organization.

Job Description:

This is an exciting opportunity for a qualified application security engineer with a passion for application security and helping others incorporate it into their software development lifecycle. The successful application engineer will work closely with application teams to adopt and incorporate secure coding practices into their SDLC methodologies.

The core responsibilities for this role are:

  • Partner with EIS and Enterprise Application Security Program to implement application security initiatives including Secure Code Practices.
  • Provide technical guidance to developers on discovering and remediating software coding security vulnerabilities.
  • Ensure strong progress through side by side work with app managers through key secure coding deliverables.
  • Analyze and provide management reporting on vulnerability detection, remediation and compliance trending.
  • Partner with architects and application development teams in secure software design.
  • Provide the Secure Software Group (SSG) in Enterprise Information Security (EIS) feedback on information security related processes, tools, and procedures.
  • Recommend, evaluate, integrate, deploy, and enforce security tools and frameworks
  • Evaluate software security technologies and products
  • Support communication efforts with application teams.
  • Apply knowledge of information security and application development industry trends and technology to drive organizational change and position to properly manage and remediate vulnerabilities.
  • Required Qualifications

    10+ years of information security experience6+ years of web applications experience10+ years of information security applications and systems experience

    Desired Qualifications

    DAST (Dynamic Application Security Testing) experienceSAST (Static Analysis Software Testing) experienceAbility to execute in a fast paced, high demand, environment while balancing multiple prioritiesKnowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysisKnowledge and understanding of Fortify Code AnalyzerKnowledge and understanding of Payment Card Industry (PCI) controlsKnowledge and understanding of project management methodologies: creation of business cases, project initiation, development of comprehensive business requirements, and identification of project interdependenciesKnowledge and understanding of secure SDLC (System Development Life Cycle) methodologiesKnowledge and understanding of security consulting on complex issues related to data access, integrity, confidentiality and business continuity Knowledge and understanding of threat analysis and assessment of potential and current information security risk/threatsOutstanding problem solving and analytical skills with ability to turn findings into strategic imperativesAbility to interact and communicate effectively with all levels of an organization; including at the executive levelAbility to manage highly complex issues and negotiate solutionsExcellent verbal and written communication skillsExpert knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices

    Other Desired Qualifications
    • 5+ years application security experience

    • 4+ years of hands-on experience in configuring software security tools in various environments.

    • Advanced Information Security technical skills and understanding of information security practices and policies

    • Extensive knowledge of application security including threats, vulnerabilities, and defenses

    • Extensive knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices

    • Significant experience championing information security initiatives and facilitating culture change within large organizations

    • Ability to manage complex issues and develop solutions

    • Threat modeling experience with Microsoft Threat Modeling tool

    • Advanced information security technical skills

    • Hands-on experience with application security coding

    • Knowledge or experience with all or some of the following practices; threat modeling, static analysis, bug bars, attack surface analysis, risk/privacy assessments, dynamic analysis, design requirements.

    • Knowledge and understanding of platform technologies including network, distributed systems, desktop computing, voice, and threat management technologies

    • Experience with governance and validation of application security practices

    • Certified Information Systems Security Professional (CISSP), GIAC Secure Software Programmer (GSSP) certification

    • Experience with Content Security Policy and Runtime Application Security Protection
    Disclaimer

    All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

    Relevant military experience is considered for veterans and transitioning service men and women.
    Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.

    Categories

    Featured Jobs

    Career News

    Before you go...

    Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

    Share this job:

    Information Security Engineer 6

    Wells Fargo
    Chandler, AZ

    Share this job

    Information Security Engineer 6

    Wells Fargo
    Chandler, AZ
    US

    Separate email addresses with commas

    Enter valid email address for sender.

    Join us to start saving your Favorite Jobs!

    Sign In Create Account
    th -
    Overall Rating: /199
    Median Salary:

    Work Environment
    Stress
    Growth
    Powered ByCareerCast