At Wells Fargo, we want to satisfy our customers’ financial needs and help them succeed financially. We’re looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you’ll feel valued and inspired to contribute your unique skills and experience.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Corporate Risk helps all Wells Fargo businesses identify and manage risk. We focus on three key risk areas: credit risk, operational risk and market risk. We help our management and Board of Directors identify and monitor risks that may affect multiple lines of business, and take appropriate action when business activities exceed the risk tolerance of the company.
ENTERPRISE INFORMATION SECURITY:
Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.
Enterprise Information Security’s (EIS) vision is to provide Wells Fargo with world-leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo’s infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.
The Secure Software Group (SSG) is a core part of the Enterprise Information Security organization and is dedicated to developing and embedding security practices into the Wells Fargo software development lifecycle. SSG represents a strong and focused commitment by Wells Fargo executives and management to meet the security needs of an ever-changing software landscape and to ensure our customers’ information is secure.
KEY JOB RESPONSIBILITIES (ESSENTIAL POSITION FUNCTIONS):
This position has reporting responsibility to the Secure Software Group within the Wells Fargo Enterprise Information Security organization.
This individual will focus on work associated with the Enterprise Application Security Program and be responsible for ensuring the design, implementation, and ongoing governance of the Secure-Software Development Lifecycle (Secure-SDLC). The selected candidate must help to drive cultural and organizational change across development environments such that Secure-SDLC processes and secure coding methods will be thoroughly embedded within the Wells Fargo Software Development Lifecycle.
Additionally, this individual must be able to handle multiple ongoing projects as part of the Enterprise Application Security Program and therefore must possess a strong combination of analytical, assessment, assurance, organizational and relationship management skills, and must be capable of working successfully with a wide variety of stakeholders such as application owners, project managers, systems architects, application developers, quality assurance testers, and others in a highly distributed environment.
In addition, this individual will serve as a Secure-SDLC Subject Matter Expert (SME) responsible for the specific technological areas of application security listed in the Required Qualifications and Desired Skills sections below.
Required Qualifications
- 7+ years of information security applications and systems experience
- 7+ years of information security experience
- 2+ years of web applications experience
- 1+ year of DAST (Dynamic Application Security Testing) experience
- 2+ years of Configuration Management Tools experience
- 3+ years of Python experience
- 3+ years of Java experience
- Advanced Information Security technical skills and understanding of information security practices and policies
- Ability to manage complex issues and develop solutions
- Excellent verbal and written communication skills
- SAST (Static Analysis Software Testing) experience
- 4+ years of DAST (Dynamic Application Security Testing) experience
- Secure SDLC (System Development Life Cycle) methodologies experience
- Knowledge and understanding of monitoring the development of security vulnerabilities, threats, exposures, associated risk, and mitigating solutions
- Ability to execute in a fast-paced, high-demand environment while balancing multiple priorities
- Certified Information Systems Security Professional (CISSP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- Fortify Code Analyzer experience
- A BS/BA degree or higher
- Recent CI/CD tool experience
- Hands-on experience configuring IDEs as a developer (Eclipse and/or Visual Studio or similar)
- Hands-on experience with all or some of the following practices: threat modeling, static analysis, bug bars, attack surface analysis, risk/privacy assessments, dynamic analysis, design requirements
- Hands-on experience with FOSS and open source application development tools and repositories
- Application security experience with banking/financial services applications
- Experience with Microsoft’s Secure Development Lifecycle
- Able to work independently without direct, continuous supervision
All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.
Relevant military experience is considered for veterans and transitioning service men and women.
Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.