Information Security Engineer 5 - Security Code Review Team
Location: Minneapolis, Minnesota, West Des Moines, Iowa, Chandler, Arizona, Plano, Texas, Charlotte, North Carolina, Winston-Salem, North Carolina, St Louis, Missouri
Job ID: 5381594
Wells Fargo technology teams drive innovation to create a more powerful and fulfilling financial experience for our customers and team members. You will join more than 24,000 team members supporting 95 billion transactions annually in 10 countries. Our career opportunities span the technology spectrum: advanced analytics, big data, information security, application development, cloud enablement, project management and more.
- Job Type: Full Time
Check out the top traits we're looking for and see if you have the right mix.
- Analytical 8
- Detail-oriented 7
- Insightful 6
- Inventive 7
- Problem Solver 6
- Curious 5
Wells Fargo wants to help you get more out of life and take care of things outside the office to make life a little easier. We provide:
Medical, Dental and Vision
Employer Matching 401(k)
Maternity and Paternity Leave
Paid Time Off
Opportunity to work on large complex projects, good chances to gain experience in different areas of the bank. Good opportunities to learn about all areas of financial management. Many different locations to work out of.- Glassdoor
ENTERPRISE INFORMATION SECURITY:
Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.
Enterprise Information Security’s (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo’s infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.
Note: This position may sit at any core Wells Fargo location or telecommute
The EIS Security Code Review (SCR) team provides application vulnerability and risk identification for many of the critical applications used by Wells Fargo, from an automated and manual static analysis (code level) perspective.
Within the Cyber Security Defense and Monitoring (CSD&M) organization, this Information Security Engineer position will serve as a high level technical security resource. The new team member will conduct source code level assessment to identify security vulnerabilities and ensure compliance with corporate security policies and adherence to best practices. This is an exciting opportunity to be part of a growing team of niche, high performance security talent, while leveraging mature security code review processes, that will be responsible for the assessment of code level security issues for public facing applications, internally hosted and vendor hosted, supporting local, vendor-integrated, and remote review capabilities.
Reviews encompass a vast assortment of language technologies that vary between reviews, with the majority split between both Microsoft and Java-based technologies spanning mobile applications, classic web applications/portals, newer innovation applications and more. While working to your strengths in reviews aligned to your own unique core technology background, you will have supported opportunity to learn new technologies and gain new skills. In fact, professional development is one of the core work objectives for each SCR team member, where enhancing current and building new capabilities are favorable traits and encouraged.
This position will report directly to the Security Code Review Leader within Cyber Threat Management (CTM), and will be working with a high performance team of security engineers focused on driving success of manual and automated security review capabilities within the SCR Team that operates as part of CTM within EIS CSD&M. This is an exciting opportunity as Wells Fargo continues to improve and expand our core capabilities in application vulnerability detection, risk identification and reporting.
Team members are spread across several locations, with the majority of the team working remotely. We focus on hiring the best talent regardless of the location. We don’t expect you to join us and hit the ground running. We take what we do seriously, and expect to train you on our processes with a learning curve that will take several months to master fully. We believe in diversity. Your opinions matter to us, opening discussion forums to the opinions of all team members so that we can uniformly make strategic and operational improvements that consider all sides or inviting you to opt-in to specialized team or department level working groups that assess unique and diverse topics in code level security that will help to optimize vulnerability detection, how we assess risk, and consider appropriate safeguards.
If this sounds like a position that interests you, apply today. We’d like to understand your capabilities, background, and opinions on application security.
Other Desired Qualifications
- Experience with, or understanding of, AJAX and web services
- Experience with Salesforce Apex
- Experience writing rules for SAST tools like HP Fortify SCA and Checkmarx
- Involved in local security groups, such as OWASP local Chapters
- Developer Certifications (examples include SCWCD, SCJP, SCJD, SCJA, MCSD, etc.)
- Understanding of SSL/TLS and Cryptography (symmetric and asymmetric encryption, PKI, etc.)
- Ability to handle difficult situations and to provide alternative solutions or workarounds
- Flexible and creative in helping to find acceptable solutions
- CISSP, CSSLP, GSSP, or comparable security certification
- Ability to comprehend large, complex applications written by others from reading source code
- Knowledge of risk assessment methodologies and frameworks and how to apply them to diverse applications.
- Ability to stay current with emerging technologies and industry trends
All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.
Relevant military experience is considered for veterans and transitioning service men and women.
Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.