
Senior Cyber Security Research Engineer Application Pen Test

About this role:

Wells Fargo is seeking a Senior Application Pen Tester to identify, validate, and exploit security vulnerabilities through hands-on, manual testing across a broad range of application technologies (browser-based/web, APIs, mobile, mainframe, and thick client). Successful candidates will have demonstrable, real-world manual penetration testing experience and be comfortable going beyond automated scanner output to reproduce, validate, and investigate findings. Success in this role means delivering high-confidence, reproducible vulnerabilities with clear evidence and practical remediation guidance, and partnering with application teams to drive timely fixes.


In this role, you will:

  • Conduct application penetration testing across browser-based/web applications, APIs, and mobile applications (and where applicable mainframe and thick client applications) using primarily manual techniques supplemented by automated tools; include authentication/authorization testing and business-logic abuse cases where applicable
  • Configure and tune automated tools to support testing, improve coverage, and accelerate discovery (as a complement to manual testing)
  • Perform deep defect analysis by reproducing, validating, and safely demonstrating impact (including chained attack paths when applicable); triage and disposition false positives from automated tooling
  • Produce clear, reproducible technical reports with evidence (steps to reproduce, impacted components/endpoints, and risk/impact) and practical remediation guidance
  • Collaborate with application and security teams to ensure shared understanding of defects, prioritization, and remediation paths; support defect walkthroughs and follow-up questions as needed
  • Support continuous improvement of testing methodologies and processes leveraging industry standards and best practices
  • Collaborate with other members of the team to share knowledge and complete peer reviews of reports
  • Communicate findings and risk clearly to technical and non-technical stakeholders; support readouts, status updates, and remediation Q&A
  • Demonstrate proficiency in using AI-assisted development and analysis tools (e.g., GitHub Copilot and approved code-centric agents)
  • Leverage AI to accelerate system design, coding, testing, analysis, and troubleshooting
  • Apply strong technical judgment when validating and integrating AI-assisted outputs into solutions
  • Understand and account for model limitations, security risks, and operational considerations
  • Apply AI responsibly in development and production environments
  • Ensure AI usage aligns with security, compliance, privacy, and ethical standards


Required Qualifications:

  • 4+ years of Cyber Security Research experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • 2+ years of hands-on application penetration testing experience (manual testing required), beyond reviewing/validating automated scanner results
  • 2+ years of Dynamic Application Security Testing (DAST) experience, including tool configuration/tuning and manual verification of findings


Desired Qualifications:

  • Advanced experience with testing tools such as Burp Suite, Invicti, WebInspect, and Fiddler (and applying them to web, API, mobile, and thick client testing as applicable)
  • Advanced knowledge of application security and common vulnerabilities (OWASP Top 10)
  • Experience with scripting and automation (e.g., Python, Shell)
  • Knowledge of security best practices and compliance standards (e.g., PCI DSS, GDPR)
  • Excellent communication skills and the ability to collaborate effectively with cross-functional teams
  • Strong problem-solving and analytical skills
  • Demonstrated knowledge of AI/ML-enabled applications and common security risks (for example, prompt injection, sensitive data exposure, and insecure integrations)
  • Security certifications such as OSCP, BSCP, GWAPT, GPEN, GXPN or equivalent are a plus


Job Expectations:

  • This position offers a hybrid work schedule
  • This position is not eligible for Visa sponsorship

Locations:

  • 1525 W. WT Harris Blvd., Charlotte, NC
  • 2600 S Price Rd, Chandler, Arizona
  • 401 Las Colinas Blvd. W, Irving, TX

Posting End Date: 

20 May 2026

*Job posting may come down early due to volume of applicants.

We Value Equal Opportunity

Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.

Employees support our focus on building strong customer relationships balanced with a strong risk-mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.

Applicants with Disabilities

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo.

Drug and Alcohol Policy

 

Wells Fargo maintains a drug-free workplace. Please see our Drug and Alcohol Policy to learn more.

Wells Fargo Recruitment and Hiring Requirements:

a. Third-Party recordings are prohibited unless authorized by Wells Fargo.

b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.


Join our talent community

Learn more about upcoming events and career opportunities at Wells Fargo.
