About this role:
Wells Fargo is seeking a Senior Cyber Security Research Consultant to perform Dynamic Application Security Testing as part of the Software Development Lifecycle. In this role, you will work with software development partners to identify and mitigate the security vulnerabilities in the applications identified through DAST in test environments. Communication with the business security team, enterprise security group, and development technology partners is critical in this role. You will also act as an application security SME for the development and security communities within Wells Fargo.
In this role, you will:
- Conduct penetration testing / dynamic application security testing using both manual and automated testing tools.
- Build attack model
- Ensure that automated tests are completed successfully
- Configure tools as required to be successful in evaluating applications
- Validate all defects identified through testing
- Triage & Disposition results and enforce a Bug Bar
- Verify/validate defect fixes
- Provide application security consulting SME support to developers
- Assist developers with understanding of security defects and risk
- Assist in defining acceptable solution to fix defects
- Clearly document and Communicate Security risk to the business
- Help maintain Security Coding Standards and Bug Bar as required
- Assist in the Development of standards as required
- Provide training and mentorship for other testers
- Develop and review malicious use cases/threat models
- Lead or participate in the research, analysis, design, testing and implementation of complex computer network security and protection technologies for company information and network systems and applications
- Act as professional ethical penetration tester utilizing hacking tools to modify or create proof of concept exploits that mimic techniques of attackers to identify vulnerabilities and associate with a severity rating by deriving impact and ease of exploit
- Review and analyze advanced computer security incident response activities and technical investigations of information security related incidents or breach related activates
- Perform tests on networking devices, appliance products and web based application
- Implement and develop custom penetration testing techniques and tools
- Perform security risk assessments to ensure compliance with corporate information security policies and adherence to best practices
- Provide guidance and leadership to more experienced Information Security Engineers and act as a mentor for these engineers interested in penetration testing and offensive security
- Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals
Required Qualifications, US:
- 4+ years of Cyber Security Research experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
- 4+ years Dynamic Application Security Testing (DAST)
- 2+ years programming experience
Advanced Information Security technical skills.
Proficient in working with systems, networks, and application vulnerability testing
Ability to manage complex security scenarios and develop innovative solutions to address the most recent cyber threats
Experience with Python, PowerShell or similar programing language
- Hybrid model (reporting in office partially, with ability to work from home partially)
We Value Diversity
At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.
Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.