Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your current resume when submitting your application for consideration. To participate in some selection activities you will need to respond to an invitation. The invitation can be sent by both email and text message. In order to receive text message invitations, your profile must include a mobile phone number designated as 'Personal Cell' or 'Cellular' in the contact information of your application.
At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Wells Fargo Technology sets IT strategy; enhances the design, development, and operations of our systems; optimizes the Wells Fargo infrastructure footprint; provides information security; and enables continuous banking access through in-store, online, ATM, and other channels to Wells Fargo's more than 70 million global customers.
The Enterprise Password Services (EPS) team in Enterprise Information Security (EIS) is looking for an experienced, well rounded, senior Information Security Engineer.
The EPS team is responsible for securely managing passwords for myriad applications and authentication systems of record throughout Wells Fargo. User passwords are managed by the Automated Password Service, an adaptation of the Hitachi ID Password Manager product. Privileged and service accounts are managed by the CyberArk Enterprise Password Vault. Additionally the team manages the in-house developed Secure One-Time Authentication application for out-of-band, auditable team-member-to-team-member authentication.
This position will support the development of secure solutions that align with the broader EPS team objectives and requirements. The position may also provide leadership, mentoring and direction for less experienced EPS developers and engineers. The successful candidate must be comfortable working on multiple dynamic projects simultaneously.
Responsibilities will include but are not limited to:
Identifying, formulating and helping to implement complex information security tools, solutions and controls.
Acting as a lead in providing guidance and consultation for secure application design, utilizing a thorough understanding of applicable technology, tools and existing designs.
Analyzing highly complex business requirements, designing and writing technical specifications to design or redesign complex computer platforms and applications.
Verifying program logic by writing test plans and overseeing the preparation of test data, testing and debugging of programs.
Performing security peer reviews prior to code deployments.
Overseeing overall systems testing and the migration of applications to production.
Assuring quality, security and compliance requirements are met for supported area and overseeing creation of or updates to and testing of the business continuation plan.
Developing and reviewing malicious use cases/threat models.
Providing ad hoc penetration testing as necessary.
Investigating and potentially implementing fixes for security vulnerabilities.
Maintaining a broad understanding of security technologies and products.
Staying up to speed on third party (inside and outside Wells Fargo) known security vulnerabilities.
Actively participating in improving the security culture and education throughout the organization.
Due to the sensitive nature of our area of focus, a strong background in security-focused software development best practices (e.g. avoiding XSS vulnerabilities, preventing buffer overflows, using CSRF tokens, avoiding SQL injection) and experience with secure Systems Development Life Cycle (SDLC) practices, particularly with source code management and deployment, are important.
**Willing to consider all approved technical hub locations for Wells Fargo.**
7+ years of information security applications and systems experience
7+ years of information security experience
3+ years of relational database experience
3+ years of experience working in a large enterprise network organization
5 + years of web application development experience
7+ years of application development experience
Advanced Information Security technical skills and understanding of information security practices and policies
Ability to manage complex issues and develop solutions
Excellent verbal and written communication skills
Experience working in a large enterprise environment
Ability to identify and manage complex issues and negotiate solutions within a geographically dispersed organization
Ability to manage multiple and competing priorities
Ability to take on a high level of responsibility, initiative, and accountability
Ability to work with limited supervision
Good analytical skills with high attention to detail and accuracy
Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysis
Knowledge and understanding of cryptography and key management
Knowledge and understanding of leveraging and administering digital certificates, and keys for authentication and encryption
Knowledge and understanding of security issues and hardening best practices
Knowledge and understanding of security policies and standards
Knowledge and understanding of security technologies and concepts including identity management, single sign on, directory services, role based access control, cryptographic algorithms, mutual authentication and certificate management
Knowledge and understanding of threat analysis and assessment of potential and current information security risk/threats
Strong collaboration and partnering skills
Web application security vulnerability detection and mitigation experience
Experience articulating issues, risks, and proposed solutions to various levels of staff and management
Knowledge and understanding of secure solutions within the financial services industry
Ability to discuss information security risks at a detailed technical level
Knowledge and understanding of Python, Ruby, PowerShell, and Shell scripting
Other Desired Qualifications
CISSP or equivalent certification
Experience with Hitachi ID Password Manager
Experience with CyberArk Enterprise Password Vault suite
Multiple OS support experience (Windows, Linux)
Familiarity with networking protocols (HTTP, TLS, LDAP, TCP)
3+ years of .Net development experience
3+ years of PowerShell development experience
3+ years of Python development experience
3+ years of PHP development experience
Application security vulnerability detection and mitigation experience with Open Web Application Security Project (OWASP) Top 10 and SANS Common Weakness Enumeration Top 25
AZ-PHX-Northwest Phoenix: 2222 W Rose Garden Ln - Phoenix, AZ AZ-PHX-Central Phoenix: 100 W Washington St - Phoenix, AZ CA-SF-Financial District: 333 Market St - San Francisco, CA CA-SF-Financial District: 420 Montgomery - San Francisco, CA IA-West Des Moines: 800 S Jordan Creek Pkwy - West Des Moines, IA IL-Chicago: 10 S Wacker Drive - Chicago, IL MA-Boston: 125 High Street - Boston, MA MN-Minneapolis: 255 2nd Ave S - Minneapolis, MN MN-Minneapolis: 600 S 4th St - Minneapolis, MN MN-Minneapolis: 425 E Hennepin Ave - Minneapolis, MN MO-Saint Louis: 1 N Jefferson Ave - Saint Louis, MO NC-Raleigh: 1100 Corporate Center Dr - Raleigh, NC TX-DAL-Downtown Dallas: 1445 Ross Ave - Dallas, TX NY-New York: 150 E 42nd St - New York, NY PA-Philadelphia: 101 N Independence Mall E - Philadelphia, PA
All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.
Relevant military experience is considered for veterans and transitioning service men and women. Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.
Internal Number: 5534782-11
About Wells Fargo
Wells Fargo & Company (NYSE: WFC) is a diversified, community-based financial services company with $1.9 trillion in assets. Wells Fargo’s vision is to satisfy our customers’ financial needs and help them succeed financially. Founded in 1852 and headquartered in San Francisco, Wells Fargo provides banking, investment and mortgage products and services, as well as consumer and commercial finance, through 7,400 locations, more than 13,000 ATMs, the internet (wellsfargo.com) and mobile banking, and has offices in 32 countries and territories to support customers who conduct business in the global economy. With approximately 260,000 team members, Wells Fargo serves one in three households in the United States. Wells Fargo & Company was ranked No. 29 on Fortune’s 2019 rankings of America’s largest corporations. News, insights and perspectives from Wells Fargo are also available at Wells Fargo Stories.
www.wellsfargo.com | Twitter: @WellsFargo