Info Security Engineer 3 - Application Security Tester

Wells Fargo Minneapolis , MN 55415

Posted 1 week ago

Job Description:

Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.

Enterprise Information Security's (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo's infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.

Job Description:

Enterprise Information Security within Wells Fargo is seeking an experienced Info Security Engineer to support application security for all of Wells Fargo applications. In this role, you will work with software development partners to identify and mitigate the security vulnerabilities in the applications identified through Dynamic Application Security Testing (DAST). Communication with the business security team, information security consultants (ISCs), operation risk consultants (ORCs), enterprise security group, and development technology partners is critical in this role. You will also act as an application security SME for the development and security communities within Wells Fargo.

The Info Security Engineer will:

  • Perform Web Application Penetration testing

  • Meet with application team to collect information and determine scope of testing

  • Install, configure, use and maintain scanning and testing tools

  • Manually verify security vulnerabilities identified by automated tools

  • Perform manual testing to supplement results of automated scanning and testing tools

  • Provide status and resolve issues that impact testing as required

  • Document identified security vulnerabilities and related matters in a clear, concise and timely manner

  • Meet with the application teams to review, describe and explain identified security vulnerabilities and possible remediation

  • Retest application updates or deployed remediation logic to verify resolution of security vulnerabilities

  • Update documentation as required

  • Maintain electronic or paper trail of testing activity for audit purposes

  • Maintain confidentiality of authentication credentials, sensitive application information and test results before, during and after completion testing and/or retesting

The Info Security Engineer will additionally be responsible for:

  • Providing ad-hoc penetration testing as necessary

  • Providing application security consulting SME Support to developers

  • Providing for root cause analysis and incident management investigation

  • Stay up to speed on 3rd party (inside and outside Wells Fargo) known security vulnerabilities

  • Develop and review malicious use cases/threat models

  • Maintain a broad understanding of security technologies and products

  • Actively participate on improving the security culture and education throughout the organization.

Required Qualifications

  • 3+ years of information security applications and systems experience
  • 3+ years of DAST (Dynamic Application Security Testing) experience
  • 3+ years of automated information security penetration tools experience
  • 3+ years of manual information security penetration testing tools, topics, and techniques experience

Desired Qualifications

  • Advanced Information Security technical skills

  • Ability to manage complex issues and develop solutions

  • Excellent verbal and written communication skills

  • Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysis

  • Knowledge and understanding of banking or financial services industry

  • Experience working in a large enterprise environment

  • Strong analytical skills with high attention to detail and accuracy

  • Knowledge and understanding of information security industry standards and government regulations

  • Ability to manage multiple and competing priorities

  • Ability to work with limited supervision

  • Ability to take on a high level of responsibility, initiative, and accountability

  • Good attention to detail and accuracy skills

  • Strong collaboration and partnering skills

Job Expectations

  • Ability to work weekends and holidays as needed or scheduled

Disclaimer

All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.


See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Download the
LiveCareer app and find
your dream job anywhere
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Assoc Info Security Analyst

Ameriprise Financial

Posted 7 days ago

VIEW JOBS 11/14/2018 12:00:00 AM 2019-02-12T00:00 The primary role of the Assoc Info Security Analyst is to develop the information security knowledge and experience to help secure the firms technology systems, applications and information assets. Responsible for working closely with experienced information security professionals to provide operational support for ongoing business-as-usual work and projects across the information security function, including Identity & Access Management, Government and Regulatory Compliance, Incident Management, Threat & Vulnerability Management and Surveillance and Reporting. Responsibilities Information Security Services is a highly collaborative department. You will be expected to engage and interact with your ISS colleagues as well as across technology and the business to properly secure the global Enterprise. The candidate must: * Enjoy working with across technology teams and helping them solve their information security problems. * Embrace a challenge and can think creatively. * Like learning new things. * Possess strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one. * Be able to effectively influence others to modify their opinions, plans, or behaviors. * Have an understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business. * Maintain an understanding of organizational mission, values, and goals and consistent application of this knowledge. Major areas of accountability: * Partner with and work across the entire Information Technology organization to deliver secure business solutions * IAG (Identity & Access Governance) Capabilities, Services, and Processes * PAM (Privileged Access Management) Capabilities, Services, and Processes * SIEM (Security Information Event Monitoring) Capabilities, Services, and Processes * Learn and support various security tools * Application security design * Security architecture design * Defining business, user, and systems requirements * Developing user acceptance test plans * Developing, document, test and modify new and existing code * Developing working knowledge of systems and processes * Business Analysis * Building Process Flows * Presentations (Creating and Delivering) * Risk Identification and Remediation * Project Management * Project Coordination * Reporting (SQL queries to databases) / Correlation * ITIL (Change, Problem, Incident, Configuration) Management The key responsibilities of the role are as follows: * Researches, designs, and implements information security Identity and Access Governance solutions for organization systems and products that comply with all applicable security policies and standards * Help develop automated as well as manual access provisioning workflows. * Consult with application teams in configuring automated validation processes between the IdM and the application. * Serve as a Subject Matter Expert (SME) for application security access provisioning solutions and audit compliance. * Document business and technical processes surrounding user access, segregation of duties, provisioning and identity management. * Provide education and consulting for application provisioning administration training to Business/IT users. * Establish and manage overall integration plans for small to medium size efforts. * Conduct Quality Assurance (QA) testing on various security platforms. * Perform Gap Analysis on application security structures Required Qualifications * Bachelor's degree in Computer Science, MIS, Technology Forensics or related technical field; or equivalent work experience. * 1-3 years of relevant experience. * 1-3 years information security analysis experience (in specialties across the function); or equivalent training and experience. * Effective written and verbal communication skills. Excellent problem-solving and analysis skills and attention to detail. * General understanding of information security processes and methodologies and its role in the Software Development Life Cycle (SDLC). * Effective analysis, problem solving, follow-through and time management skills. About Our Company With the right company, life can be brilliant. At Ameriprise, we're not just in the business of helping clients with their financial goals — we also help our advisors and employees reach their true potential. Be part of an inclusive, collaborative culture that rewards you for your contributions and work with other talented individuals who share your passion for doing great work. You'll also have plenty of opportunities to make your mark at the office and a difference in your community. So if you're talented, driven and want to work for a strong ethical company that cares, take the next step to create a brilliant career at Ameriprise Financial. Ameriprise Financial Minneapolis MN

Info Security Engineer 3 - Application Security Tester

Wells Fargo