Information Security Engineer 5 - SCR Validation Review Team

Wells Fargo   •  

Winston-salem, NC

Industry: Accounting, Finance & Insurance

  •  

8 - 10 years

Posted 95 days ago

Required Qualifications:

  • 7+ years of information security applications and systems experience
  • 5+ years of J2EE experience or 5+ years of .net experience
  • 1+ year of relational database experience
  • 3+ years of static code review experience

Desired Qualifications:

  • Advanced Information Security technical skills and understanding of information security practices and policies
  • Ability to manage complex issues and develop solutions
  • Excellent verbal and written communication skills
  • 3+ years of SAST (Static Analysis Software Testing) experience
  • Knowledge and understanding of technology testing: web-based applications developed in Java or .net framework
  • Knowledge and understanding of design and development of modern web applications and mobile technologies
  • Knowledge and understanding of technology testing: dynamic application or software assessments (web application penetration testing, web application vulnerability testing)
  • Ability to execute in a fast paced, high demand, environment while balancing multiple priorities
  • Ability to organize and manage multiple priorities
  • Ability to articulate issues, risks, and proposed solutions to various levels of staff and management
  • Outstanding problem solving skills
  • Strong negotiating skills
  • Ability to translate and present complex technical data across technical and non-technical groups

Other Desired Qualifications

  • 3+ years application security vulnerability detection and mitigation experience with Open Web Application Security Project (OWASP) Top 10 and SANS Common Weakness Enumeration Top 25
  • Experience with, or understanding of, AJAX and web services
  • Experience with server-side JavaScript
  • Experience with Salesforce Apex
  • Experience writing rules for SAST tools like HP Fortify SCA and Checkmarx
  • Involvement in local security groups, such as OWASP local Chapters
  • Developer Certifications (examples include SCWCD, SCJP, SCJD, SCJA, MCSD, etc.)
  • Understanding of SSL/TLS and Cryptography (symmetric and asymmetric encryption, PKI, etc.)
  • Ability to handle difficult situations and to provide alternative solutions or workarounds
  • Flexibility and creativity in helping to find acceptable solutions
  • CISSP, CSSLP, GSSP, or comparable security certification
  • Ability to comprehend large, complex applications written by others from reading source code
  • Knowledge of risk assessment methodologies and frameworks and how to apply them to diverse applications.
  • Ability to stay current with emerging technologies and industry trends.

Job ID5419883.