Penetration Tester/Information Security Analyst
CHARLOTTE, NC
Job Description:
Enterprise Information Security within client is seeking an Info Security Engineer to support application security for Wells Fargo. In this role, the initial function will be to perform Dynamic Application Security Testing (DAST) retests to determine if remediation of previously identified vulnerabilities in applications was successful. Later, you will work with software development partners to identify and mitigate the security vulnerabilities in applications through Dynamic Application Security Testing (DAST) of applications. Communication with the business security team, information security consultants (ISCs), operation risk consultants (ORCs), enterprise security group, and development technology partners is critical in this role. You will also act as an application security SME for the development and security communities.
The Info Security Engineer will:
Conduct dynamic application security testing using both manual and automated testing tools.
Review test results from tools
Ensure that automated tests are completed successfully
Configure tools as required to be successful in evaluating applications
Identify and remove any false positives from automated testing tool reports
Triage & Disposition results and enforce a Bug Bar
Verify/validate defect fixes
Provide application security consulting SME Support to developers
Assist developers with understanding of security defects and risk
Assist in defining acceptable solutions to fix defects
Communicate Security risk to ISCs and ORCs to document security issues and controls for security planning purposes
Help maintain Security Coding Standards and Bug Bar as required
Assist in the Development of standards as required
Provide training
Stay up to speed on 3rd party (inside and outside Wells Fargo) known security vulnerabilities
Develop and review malicious use cases/threat models
Maintain a broad understanding of security technologies and products
Actively participate in improving the security culture and education throughout the organization
REQUIRED QUALIFICATIONS
5+ years of experience in security applications and systems
3+ years of DAST (Dynamic Application Security Testing) experience
Minimum of 3 years of demonstrated experience with automated penetration tools
Minimum of 3 years of demonstrated experience with manual penetration testing tools
Demonstrated experience with creating and communicating reports regarding web application vulnerabilities to various levels of personnel within a large organization
DESIRED QUALIFICATIONS
Advanced Information Security technical skills
Ability to manage complex issues and develop solutions
Excellent verbal and written communication skills
Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysis
Knowledge and understanding of banking or financial services industry
Experience working in a large enterprise environment
Strong analytical skills with high attention to detail and accuracy
Knowledge and understanding of information security industry standards and government regulations
Ability to manage multiple and competing priorities
Ability to work with limited supervision
Ability to take on a high level of responsibility, initiative, and accountability
Good attention to detail and accuracy skills
Strong collaboration and partnering skills
Demonstrated experience developing and reviewing malicious use cases/threat models
Key Skills:
- DAST, PENETRATION