Wells Fargo & Company (NYSE: WFC) is a leading global financial services company with $2.0 trillion in assets and offices in over 37 countries. Founded in 1852 and headquartered in San Francisco, Wells Fargo provides asset management, capital raising and advisory, financing, foreign exchange, payments, risk management, and trade finance services to support customers who conduct business in the global economy. At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We also value the viewpoints of our team members and encourage them to be their best. Join our diverse and inclusive team where you will feel valued and inspired to contribute your unique skills and experience. We are looking for talented people who will put our customers at the center of everything we do. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you. Learn more at our International Careers website.
Market Job Description
About Enterprise Global Services:
Enterprise Global Services (EGS) enables global talent capabilities for Wells Fargo Bank NA., by supporting over half of Wells Fargo's business lines and staff functions across Technology, Operations, Risk Services and Knowledge Services. EGS operates in Hyderabad, Bengaluru and Chennai in India and in Manila, Philippines. Learn more about EGS at our International Careers website.
Enterprise Application Security Program is a part of Enterprise Information Security which Governs, Oversees and Enables incorporation of security practices into SDLC for Wells Fargo applications.
This position is an Information Security Engineer 4 will perform an Individual contributor role in Enterprise Information Security Program (EASP) who needs to contribute to EASP practices from EGS.
Contribute to the Static Application Security Testing Stream (SAST) to enable tools, Deprecate Unsafe Functionality (DUF) practices from EGS and contribute to the EASP program.
Contribute to security coding guidelines for different programming languages.
Understand the EASP program and its implementation across the organization and stay abreast with the changes to the program.
Enable the program by creating, on-boarding, maintaining and supporting SAST tools in EASP.
Suggest and execute changes to the program and implement the changes to the enabling tools.
Integrate with the state side leads to understand requirements and implement them in the practices and tools.
Develop and leverage the ability to execute any EASP stream assigned from EGS.
Associate with Application Security Champions, Architects and Application development teams in Governance, oversight and enablement of EASP.
Apply knowledge of information security and application development industry trends and technology to drive organizational change and position to properly manage and remediate vulnerabilities.
Coach junior team members in the team to understand and deliver based on the requirements of the program.
8+ years of Overall IT experience
6+ years of application security Experience
3+ years of experience with all or some of the following practices like Security Requirements, Application Threat Modeling, Static Analysis, Application Security Risk Assessments, Security Design requirements.
SAST (Static Analysis Software Testing) experience with tools like Fortify and Checkmarx is a must.
Knowledge and experience in working with various application security tools and systems.
Knowledge and understanding of secure SDLC (System Development Life Cycle) methodologies.
Experience in drafting application security coding standards.
Knowledge and experience in identifying and suggesting mitigations to OWASP top 10, CWE/SANS top 25 to development teams.
Application security experience with banking/financial services applications.
Ability to manage multiple priorities in a fast-paced dynamic environment.
Advanced problem solving skills, ability to develop effective long-term solutions to problems.
Excellent verbal and written communication skills
Excellent inter-personal skills contributing to cordial team environment.
Market Skills and Certifications
Knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices
Ability to manage highly complex issues and negotiate solutions
A Bachelor's degree or higher in information technology
Knowledge and understanding of Application security threat management and mitigation domain.
Knowledge and understanding of Information Security Tools Development Unix and Windows.
Knowledge and understanding of threat modeling and assessment of potential and current information security risk/threats.
Certified in Industry renowned certifications like CSSLP, CEH etc.,
We Value Diversity
At Wells Fargo, we believe in diversity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national or ethnic origin, age, disability, religion, sexual orientation, gender identity or any other status protected by applicable law. We comply with all applicable laws in every jurisdiction in which we operate.
Apply on company website