We are looking for an Information Security Engineer to perform web, mobile, thick client application and web Services security testing on Wells Fargo applications for the Dynamic Application Security testing processes. This person will perform application security testing to identify security defects in web, mobile, thick client application and web Services by following DAST policies and processes. This person will be an SME to provide guidance and assistance to team members but not limited to DAST activities. Prefer a candidate that has extensive knowledge in performing dynamic application security assessments and hands on techniques for identifying SQL injections, XSS, Authentication, Authorization CSRF, OWASP top 10 issues by using automated scanners and manual testing tools and generate reports. Should have experience in writing proof-of-concepts exploits and create custom payloads and modules for common ethical hacking framework and tools and should be able to own, drive and contribute to DAST projects and various DAST initiatives. This position will support the DAST team in security assessments and commitments process within the Information & Cyber Security (ICS) for information needs.
Designs, documents, tests, maintains, and provides issue resolution recommendations for moderately complex security.
Provides security consulting on medium projects for internal clients to ensure conformity with corporate information security policy, and standards.
Possesses subject matter expertise in industry leading security solutions and best practices used to implement one or more components of information security such as availability, integrity, confidentiality, risk management, access management, and business continuity. May interface with senior management.
Perform application security testing to identify security defects in web, mobile, thick client application and web Services by following DAST policies and processes.
Works with a variety complex applications, teams and business system consultants for performing application security assessments and performing retest.
Build and maintain strong relationships within a variety of teams throughout the organization.
Assist with building sustainment reports to monitor DAST compliance with policies.
Successful candidate will work closely with the various stakeholders within DAST, SA&C, Information Security Management, Risk, and with business lines and technology leadership across the enterprise in the execution of the WF strategies/objectives. Accordingly, critical success factors will include the ability to effectively engage in a matrixed organization, develop partnerships with many business and functional areas, and have a strong operational and delivery focus. Accordingly, critical success factors will include the ability to effectively engage in a matrixed organization, develop partnerships with many business and functional areas, and have a strong operational and delivery focus
Market Skills and Certifications
Bachelors or Masters degree in Technology /Engineering
6years of information security applications and systems experience
5years of information technology applications and systems experience
6years of experience working with Manual testing tools including Burp Suite, ZAP, Fiddler, Nmap and developing various payloads for testing.
5years of experience with running scans using automated scanners and troubleshooting scanner issues.
5years of experience with end to end mobile application security testing using automation and manual testing tools.
3years of experience with web services testing and frameworks
Have a solid understanding of cloud application security testing and remediation
3years of experience in thick client application testing
Expert analytical skills with a keen ability to see how to translate needs of the teams into tangible deliverables.
High level understanding of various development data technologies and development environments.
Excellent communication skills and ability to articulate complex material to a diverse audience.
Strong customer relationship management skills.
Excellent verbal, written, and interpersonal communication skills.
Ability to transform conceptual design to technical implementation
Ability to identify challenges, anticipate obstacles, influence and resolve issues.
Excellent documentation and communication skills (written and spoken) including Senior Management.
We Value Diversity At Wells Fargo, we believe in diversity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national or ethnic origin, age, disability, religion, sexual orientation, gender identity or any other status protected by applicable law. We comply with all applicable laws in every jurisdiction in which we operate. 65865