Listing Description
Job Description
At Wells Fargo, we have one goal: to satisfy our customers’ financial needs and help them achieve their dreams. We’re looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you’ll feel valued and inspired to contribute your unique skills and experience.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Corporate Risk helps all Wells Fargo businesses identify and manage risk. We focus on three key risk areas: credit risk, operational risk and market risk. We help our management and Board of Directors identify and monitor risks that may affect multiple lines of business, and take appropriate action when business activities exceed the risk tolerance of the company.
Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.
Enterprise Information Security’s (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo’s infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.
Required Qualifications
2+ years of information security experience in converged testing (red teaming)
1+ year of experience in network, social, and physical domains
2+ years of experience in one or a combination of the following: creating proof of concepts, creating exploits, or reverse engineering
7+ years of information security experience
5+ years of DAST (Dynamic Application Security Testing) experience
5+ years of automated information security penetration tools experience
5+ years of manual information security penetration testing tools, topics, and techniques experience
Desired Qualifications
Intermediate Information Security technical skills
Proficient in working with systems, networks, and application vulnerability testing
Ability to manage complex security scenarios and develop innovative solutions to address the most recent cyber threats
Excellent verbal, written, and interpersonal communication skills
Knowledge and understanding of banking or financial services industry
Experience working in a large enterprise environment
Strong analytical skills with high attention to detail and accuracy
Knowledge and understanding of information security industry standards and government regulations
Ability to manage multiple and competing priorities
Ability to work with limited supervision
Ability to take on a high level of responsibility, initiative, and accountability
Good attention to detail and accuracy skills
Strong collaboration and partnering skillsFFIEC Testing Responsibilities
Meet with application team to collect information and determine scope of testing
Install, configure, use and maintain scanning and testing tools
Manually verify security vulnerabilities identified by automated tools
Perform manual testing to supplement results of automated scanning and testing tools
Provide status and resolve issues that impact testing as required
Document identified security vulnerabilities and related matters in a clear, concise and timely manner
Meet with the application teams to review, describe and explain identified security vulnerabilities and possible remediation
Retest application updates or deployed remediation logic to verify resolution of security vulnerabilities
Update documentation as required
Maintain electronic or paper trail of testing activity for audit purposes
Maintain confidentiality of authentication credentials, sensitive application information and test results before, during and after completion of compliance testing and/or retesting
The Info Security Engineer will additionally be responsible for:
Providing adhoc penetration testing as necessary
Providing application security consulting SME Support to developers
Providing for root cause analysis and incident management investigation
Providing security training as required
Stay up to speed on 3rd party (inside and outside Wells Fargo) known security vulnerabilities
Develop and review malicious use cases/threat models
Maintain a broad understanding of security technologies and products
Actively participate on improving the security culture and education throughout the organization.
Demonstrated detailed oriented self-starter and the ability to work independently with limited supervision and limited direction, and in collaborative team environments
The ability to provide support after normal business hours as needed
A strong ability to multi-task and manage varying priorities and projects
Demonstrated excellent written and oral communication skills
Listing Details
- Citizenship: No Requirements
- Incentives: Bonus
- Education: No Requirements
- Travel: No Travel
- Telework: Full Telecommute