Info Security Engineer 3 - Automated Dynamic Application Security Tester (Adast)

Wells Fargo Minneapolis , MN 55415

Posted 3 days ago

Job Description:

At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience.

Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

Enterprise Finance & Information Technology offers technology and services that exceed Wells Fargo customers' expectations and directly enable them to succeed financially. We interact with customers more than 12 billion times a year through in-store, online, ATM, and telephone transactions. We impact customers directly, through systems availability and security, as well as indirectly, through our business partners who offer and deliver a myriad of products and services that meet customers' financial needs. We provide a competitive advantage for the company through excellence in fundamentals, integrated partnerships, and our talented and engaged team members.

Enterprise Information Security:

Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.

Enterprise Information Security's (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework, that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo's infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws.

Job Description

Enterprise Information Security within Wells Fargo is seeking an Info Security Engineer to support application security for all of Wells Fargo applications. In this role, you will work with software development partners to identify and mitigate the security vulnerabilities in the applications identified through Automated Dynamic Application Security Testing (ADAST). Communication with the business security team, information security consultants (ISCs), operation risk consultants (ORCs), enterprise security group, and development technology partners is critical in this role. You will also act as an application security SME for the development and security communities within Wells Fargo.

The Info Security Engineer will:

  • Conduct automated dynamic application security testing using automated testing tools

  • Review test results from tools

  • Ensure that automated tests are completed successfully

  • Identify and remove any false positives from automated testing tool reports

  • Triage & Disposition results and enforce a Bug Bar

  • Verify/validate defect fixes

  • Provide application security consulting SME Support to developers

  • Assist developers with understanding of security defects and risk

  • Assist in defining acceptable solution to fix defects

  • Communicate and document security risks, issues and controls for security planning purposes with line of business liaisons Help maintain Security Coding Standards and Bug Bar as required

  • Assist in the Development of standards as required

  • Provide training

  • Stay up to speed on 3rd party (inside and outside Wells Fargo) known security vulnerabilities

  • Develop and review malicious use cases/threat models

  • Maintain a broad understanding of security technologies and products

  • Actively participate on improving the security culture and education throughout the organization

Required Qualifications

  • 3+ years of information security applications and systems experience
  • 1+ years of experience managing application security vulnerabilities as a developer, a system administrator, or an application systems engineer or 1+ years of experience in a role coordinating the test results of vulnerabilities

Desired Qualifications

  • Advanced Information Security technical skills

  • Ability to manage complex issues and develop solutions

  • Excellent verbal and written communication skills

  • 1+ year of DAST (Dynamic Application Security Testing) experience

  • Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysis

  • Knowledge and understanding of banking or financial services industry

  • Experience working in a large enterprise environment

  • Strong analytical skills with high attention to detail and accuracy

  • Knowledge and understanding of information security industry standards and government regulations

  • Ability to manage multiple and competing priorities

  • Ability to work with limited supervision

  • Ability to take on a high level of responsibility, initiative, and accountability

  • Good attention to detail and accuracy skills

  • Strong collaboration and partnering skills

Other Desired Qualifications

  • Demonstrated experience with automated dynamic application security testing using automated testing tools

  • Demonstrated experience developing and reviewing malicious use cases/threat models

Street Address

AZ-Chandler: 2600 S Price Rd

  • Chandler, AZ

MN-Minneapolis: 255 2nd Ave S - Minneapolis, MN

NC-Charlotte: 401 S Tryon St

  • Charlotte, NC

Disclaimer

All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.


upload resume icon
See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Information Security Manager 1 Automated Dynamic Application Security Tester (Adast) Team

Wells Fargo

Posted 3 days ago

VIEW JOBS 1/19/2019 12:00:00 AM 2019-04-19T00:00 Job Description At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you. Enterprise Finance & Information Technology offers technology and services that exceed Wells Fargo customers' expectations and directly enable them to succeed financially. We interact with customers more than 12 billion times a year through in-store, online, ATM, and telephone transactions. We impact customers directly, through systems availability and security, as well as indirectly, through our business partners who offer and deliver a myriad of products and services that meet customers' financial needs. We provide a competitive advantage for the company through excellence in fundamentals, integrated partnerships, and our talented and engaged team members. Enterprise Information Security: Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle. Enterprise Information Security's (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo's infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer. Job Description: Enterprise Information Security within Wells Fargo is seeking an Info Sec Manager to be responsible for the management of a team within the Cyber Threat Management group that performs Automated Dynamic Application Security Testing as part of the SDLC on Line of Business Applications (PAAs) in alignment with the Enterprise Application Security Program (EASP). This manager will partner with the DAST-EASP manager, Security Operations Center, Information Security Line of Business leaders, other Cyber Threat Management managers, EASP personnel, Application Security Consultants, QA teams, and development teams to ensure security tests for applications in scope are planned, resourced, initiated, and completed successfully. This role will ensure that application vulnerability research, tests, and reporting activities are completed on schedule and to budget. This role will be responsible, either directly or through assigned information security resources, for developing quarterly and monthly, and application assessment reports, obtaining and managing appropriate commercial and open source security assessment tools, coordinating efforts of a variety of internal staff, facilitating application security assessment review meetings, and serve as an escalation point for application security issue resolution. Incumbents are knowledgeable of the company's various systems and processes supporting the Enterprise Application Security Program. This role will provide functional and administrative management of the Automated Dynamic Application Security Testing team. The Info Security Manager will: * Build and manage a team of junior information security engineers. * Build and maintain partnerships with EASP, LOB, DAST, and CIO area partners to ensure a successful application security program. * Provide occasional on-call problem resolution escalation for Enterprise Availability Coordination Office (EACO) in a 24x7 environment as required. * Interact with direct reports, partners, peer managers, and mid to senior level management, to drive successful completion of testing scope, awareness of DAST/ADAST, and to facilitate continual process improvement. This will cross all lines of business. * Actively participate on improving the security culture and education throughout the organization. Required Qualifications * 5+ years of experience in one or a combination of the following: information security, IT systems security or technology * 1+ year of leadership experience in an Information Security or IT environment Desired Qualifications * Excellent verbal, written, and interpersonal communication skills * Ability to interact with all levels of an organization * Experience managing a technology infrastructure function, application or information security function that has impact across multiple lines of business * Knowledge and understanding of DAST (Dynamic Application Security Testing) * Knowledge and understanding of information security principles, policies, and procedures * Knowledge and understanding of information security industry standards and government regulations * Knowledge and understanding of technology project management: in the banking/financial industry * Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important * Ability to negotiate, influence, and collaborate to build successful relationships * Ability to negotiate and facilitate issue resolution * Ability to identify and present processes/operational enhancements * Process definition and documentation experience * Ability to present complex material in a digestible, consumable manner to all levels of management * Ability to identify and manage complex issues and negotiate solutions within a geographically dispersed organization * Ability to work effectively, as well as independently, in a team environment * Strong organizational, multi-tasking, and prioritizing skills * Ability to coordinate completion of multiple tasks and meet aggressive time frames * Knowledge and understanding of banking or financial services industry * Knowledge and understanding of process flow or procedure writing Other Desired Qualifications * Ability to prioritize, and manage application security tests. * Experience with reviewing and performing quality assurance for Penetration Test or DAST reports. Job Expectations * Ability to work weekends and holidays as needed or scheduled Street Address NC-Charlotte: 1525 W Wt Harris Blvd - Charlotte, NC MN-Minneapolis: 255 2nd Ave S - Minneapolis, MN AZ-Chandler: 2600 S Price Rd - Chandler, AZ NC-Winston Salem: 809 W 4 1/2 St - Winston Salem, NC CA-SF-Financial District: 333 Market St - San Francisco, CA NC-Charlotte: 401 S Tryon St - Charlotte, NC Disclaimer All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act. Relevant military experience is considered for veterans and transitioning service men and women. Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation. Wells Fargo Minneapolis MN

Info Security Engineer 3 - Automated Dynamic Application Security Tester (Adast)

Wells Fargo