Application Security Champion (Info Sec Eng 4)
The Wealth, Brokerage & Retirement Technology group has openings for Application Security Champions to play an integral part in a new initiative to formalize and enhance the capability to manage and remediate vulnerabilities identified within specific domain technologies. Each new position will be aligned to a domain CIO's group and is accountable for addressing all vulnerabilities identified in and relating to their applications and the servers on which those applications run. Champions are also accountable for implementing processes and practices in support of the Enterprise Application Security Program and for championing Information Security best practices.
This is an exciting opportunity for qualified application systems engineers with a passion for learning, developing new skills and helping others incorporate these new skills into their software development lifecycle. The successful application engineer will work closely with Enterprise Information Security to learn secure development code practices and help application teams adopt and incorporate these new coding practices into their SDLC methodologies.
The core responsibilities for this role are:
- Partner with EIS and Enterprise Application Security Program to implement application security initiatives including Secure Code Practices.
- Provide technical guidance to developers on discovering and remediating software coding security vulnerabilities.
- Ensure strong progress on key secure coding deliverables through side-by-side work with app managers.
- Analyze and provide management reporting on vulnerability detection, remediation and compliance trending.
- Partner with architects and application development teams in secure software design.
- Provide the Secure Software Group (SSG) in Enterprise Information Security (EIS) feedback on information security related processes, tools, and procedures.
- Support communication efforts with application teams.
- Apply knowledge of information security and application development industry trends and technology to drive organizational change and position to properly manage and remediate vulnerabilities.
Note: We are seeking candidates with a strong background in software and application development with an interest in learning security code practice. Training on specific secure code practices can/will be provided.
- 5+ years of information security applications and systems experience
- 3+ years of Open Source experience
- 4+ years of web applications experience
- Advanced Information Security technical skills
- Ability to manage complex issues and develop solutions
- Excellent verbal and written communication skills
- A BS/BA degree or higher in information technology
- DAST (Dynamic Application Security Testing) experience
- Mainframe security experience
- SAST (Static Analysis Software Testing) experience
- Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysis
- Knowledge and understanding of claims processing: complex issues and resolutions
- Knowledge and understanding of Fortify Code Analyzer
- Knowledge and understanding of information security threat management and mitigation domain
- Knowledge and understanding of Information Security Tools Development Unix and Windows
- Knowledge and understanding of secure SDLC (System Development Life Cycle) methodologies
- Certified Information Systems Security Professional (CISSP)
- Certified Secure Software Lifecycle Professional (CSSLP)
Other Desired Qualifications
- 4+ years of hands-on experience in configuring software tools in various environments.
- 4+ years configuring IDEs as a developer (Eclipse and/or Visual Studio).
- Advanced Information Security technical skills and understanding of information security practices and policies
- Ability to manage complex issues and develop solutions
- Hands-on experience with FOSS and open source application development tools and repositories.
- Knowledge of or experience with all or some of the following practices: threat modeling, static analysis, bug bars, attack surface analysis, risk/privacy assessments, dynamic analysis, design requirements.
- Exceptional organizational skills, ability to manage multiple priorities in a fast-paced dynamic environment.
- Advanced problem solving skills, ability to develop effective long-term solutions to complex problems.
- Exemplary people and communication (verbal and non-verbal) skills.
- Hands-on experience with application security coding.
- Specific banking domain experience with Wealth Management, Brokerage, Retirement Services
- Application security experience with banking/financial services applications.
NC-Charlotte: 1525 W Wt Harris Blvd - Charlotte, NC
AZ-Chandler: 2600 S Price Rd - Chandler, AZ
CA-SF-Financial District: 333 Market St - San Francisco, CA
IA-West Des Moines: 7001 Westown Pkwy - West Des Moines, IA
MN-Minneapolis: 255 2nd Ave S - Minneapolis, MN
MO-Saint Louis: 1 N Jefferson Ave - Saint Louis, MO
NY-New York: 375 Park Ave - New York, NY
NC-Winston Salem: 809 W 4 1/2 St - Winston Salem, NC
All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.
Relevant military experience is considered for veterans and transitioning service men and women.
Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.
0074317 CORPORATE FINANCE