||WELLS FARGO BANK
||San Antonio, TX
|| Computers, Software, Consulting Services, Engineering, Finance/Economics, Information Technology, Internet/E-Commerce, Law Enforcement, and Security, Military, Executive Management, Quality Control, Research & Development, Web Technology, Energy / Utilities
ICS-SGE App Sec Cyber Security Research Consultant|
About this role:
Wells Fargo is seeking a Cyber Security Research Consultant to perform Dynamic Application Security Testing as part of the Software Development Lifecycle.Â In this role, you will work with software development partners to identify and mitigate the security vulnerabilities in the applications identified through DAST in test environments.Â Communication with the business security team, enterprise security group, and development technology partners is critical in this role. You will also act as an application security SME for the development and security communities within Wells Fargo.
In this role, you will:
- Conduct penetration testing / dynamic application security testing using both manual and automated testing tools.
- Build attack model
- Ensure that automated tests are completed successfully
- Configure tools as required to be successful in evaluating applications
- Validate all defects identified through testing
- Triage & Disposition results and enforce a Bug Bar
- Verify/validate defect fixes
- Provide application security consulting SME support to developers
- Assist developers with understanding of security defects and risk
- Assist in defining acceptable solution to fix defects
- Clearly document and Communicate Security risk to the business
- Participate in the research, analysis, design, testing and implementation of medium to complex computer network security and protection technologies
- Act as professional ethical penetration tester utilizing hacking tools to modify or create proof of concept exploits that mimic techniques of attackers to identify vulnerabilities and associate with a severity rating by deriving impact and ease of exploit
- Review and analyze security vulnerabilities for the company's networks, application systems, hardware infrastructure and emerging technologies to improve the enterprise information security posture
- Perform basic computer security incident response activities and technical investigations of information security related incidents
- Perform tests on networking devices, appliance products and web based application
- Present recommendations to the line of business on the inherent risks, providing meaningful mitigation strategies
- Provide guidance and leadership to more experienced Information Security Engineers and act as a mentor for theses engineers interested in penetration testing and offensive security
- Perform security risk assessments to ensure compliance with corporate information security policies and adherence to best practices
- Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals
- Interact with internal customers
- Receive direction from leaders and exercise independent judgment while developing the knowledge to understand function, policies, procedures, and compliance requirements
Required Qualifications, US:
- 2+ years of Cyber Security Research experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
- 6+ months Dynamic Application Security Testing (DAST)
- 1+ years programming experience
Advanced Information Security technical skills Proficient in working with systems, networks, and application vulnerability testing Ability to manage complex security scenarios and develop innovative solutions to address the most recent cyber threats
- Experience with Python, PowerShell or similar programing language.
Pay Range$84,000.00 - $149,400.00 Annual
We Value Diversity
At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.
Candidates applying to job openings posted in US:Â All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.