TracyRecruiter
the smart solution for Tracy jobs

Information Security Engineer 5 - Security Code Review Team (Tracy,CA)

Company: Wells Fargo
Location: Tracy
Posted on: November 23, 2018

Job Description:

Information Security Engineer 5 - Security Code Review Team (Tracy,CA) Job Description At Wells Fargo, we want to satisfy our customers financial needs and help them succeed financially. We re looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you ll feel valued and inspired to contribute your unique skills and experience. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you. Corporate Risk helps all Wells Fargo businesses identify and manage risk. We focus on three key risk areas: credit risk, operational risk and market risk. We help our management and Board of Directors identify and monitor risks that may affect multiple lines of business, and take appropriate action when business activities exceed the risk tolerance of the company. ENTERPRISE INFORMATION SECURITY: Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle. Enterprise Information Security s (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo s infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer. Note: This position may sit at any core Wells Fargo location or telecommute The EIS Security Code Review (SCR) team provides application vulnerability and risk identification for many of the critical applications used by Wells Fargo, from an automated and manual static analysis (code level) perspective. Within the Cyber Security Defense and Monitoring (CSD&M) organization, this Information Security Engineer position will serve as a high level technical security resource. The new team member will conduct source code level assessment to identify security vulnerabilities and ensure compliance with corporate security policies and adherence to best practices. This is an exciting opportunity to be part of a growing team of niche, high performance security talent, while leveraging mature security code review processes, that will be responsible for the assessment of code level security issues for public facing applications, internally hosted and vendor hosted, supporting local, vendor-integrated, and remote review capabilities. Reviews encompass a vast assortment of language technologies that vary between reviews, with the majority split between both Microsoft and Java-based technologies spanning mobile applications, classic web applications/portals, newer innovation applications and more. While working to your strengths in reviews aligned to your own unique core technology background, you will have supported opportunity to learn new technologies and gain new skills. In fact, professional development is one of the core work objectives for each SCR team member, where enhancing current and building new capabilities are favorable traits and encouraged. This position will report directly to the Security Code Review Leader within Cyber Threat Management (CTM), and will be working with a high performance team of security engineers focused on driving success of manual and automated security review capabilities within the SCR Team that operates as part of CTM within EIS CSD&M. This is an exciting opportunity as Wells Fargo continues to improve and expand our core capabilities in application vulnerability detection, risk identification and reporting. Team members are spread across several locations, with the majority of the team working remotely. We focus on hiring the best talent regardless of the location. We don t expect you to join us and hit the ground running. We take what we do seriously, and expect to train you on our processes with a learning curve that will take several months to master fully. We believe in diversity. Your opinions matter to us, opening discussion forums to the opinions of all team members so that we can uniformly make strategic and operational improvements that consider all sides or inviting you to opt-in to specialized team or department level working groups that assess unique and diverse topics in code level security that will help to optimize vulnerability detection, how we assess risk, and consider appropriate safeguards. If this sounds like a position that interests you, apply today. We d like to understand your capabilities, background, and opinions on application security.Required Qualifications7+ years of information security applications and systems experience5+ years of J2EE experience or 5+ years of .net experience1+ year of relational database experience3+ years of SAST (Static Analysis Software Testing) experience3+ years of static code review experience2+ years application security vulnerability detection and mitigation experience with Open Web Application Security Project (OWASP) Top 10 and SANS Common Weakness Enumeration Top 25 Desired QualificationsAdvanced Information Security technical skills and understanding of information security practices and policiesAbility to manage complex issues and develop solutionsExcellent verbal and written communication skillsKnowledge and understanding of technology testing: web-based applications developed in Java or .net frameworkKnowledge and understanding of design and development of modern web applications and mobile technologiesKnowledge and understanding of technology testing: dynamic application or software assessments (web application penetration testing, web application vulnerability testing)Ability to execute in a fast paced, high demand, environment while balancing multiple prioritiesAbility to organize and manage multiple prioritiesAbility to articulate issues, risks, and proposed solutions to various levels of staff and managementOutstanding problem solving skillsStrong negotiating skillsAbility to translate and present complex technical data across technical and non-technical groups Other Desired Qualifications Advanced Information Security technical skills and understanding of information security practices and policies Knowledge and understanding of technologies and solutions dealing with information security issues. Experience with, or understanding of, AJAX and web services Experience with server-side JavaScript Experience with Salesforce Apex Experience writing rules for SAST tools like HP Fortify SCA and Checkmarx Involved in local security groups, such as OWASP local Chapters Developer Certifications (examples include SCWCD, SCJP, SCJD, SCJA, MCSD, etc.) Understanding of SSL/TLS and Cryptography (symmetric and asymmetric encryption, PKI, etc.) Ability to handle difficult situations and to provide alternative solutions or workarounds Flexible and creative in helping to find acceptable solutions CISSP, CSSLP, GSSP, or comparable security certification Ability to comprehend large, complex applications written by others from reading source code Knowledge of risk assessment methodologies and frameworks and how to apply them to diverse applications. Ability to stay current with emerging technologies and industry trendsDisclaimerAll offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.Relevant military experience is considered for veterans and transitioning service men and women.Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.

Keywords: Wells Fargo, Tracy , Information Security Engineer 5 - Security Code Review Team (Tracy,CA), Engineering , Tracy, California

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category
within


Other Engineering Jobs


Mechanical Engineer - Thermal Products with Security Clearance
Description: Description: Mechanical Engineer for Special Programs Remote Sensing Structures, Thermal Hardware, Integration Product teams. The candidate will work closely with the Remote Sensing Structures, Thermal (more...)
Company: LOCKHEED MARTIN CORPORATION
Location: Sunnyvale
Posted on: 12/17/2018

RF Engineer Sr
Description: Description: Candidate will develop advanced electromagnetic technologies to meet customer requirements. This includes developing models using computer-aided
Company: Lockheed Martin Corporation
Location: Sunnyvale
Posted on: 12/17/2018

Diesel Technician/Mechanic II
Description: Position Summary : Penske Technician II will generally assist in the repair and diagnosis of major components or remove/replace major components of various truck and trailer equipment at the direction (more...)
Company: Penske
Location: Ceres
Posted on: 12/17/2018


Android Streaming Engineer - Firmware
Description: Our Oakland, CA area client has an immediate need for an Android Software Engineer. This is a full-time, direct hire opportunity.Job SummaryYou will develop highly sophisticated,
Company: Mice Groups
Location: Oakland
Posted on: 12/17/2018

91B Light-Wheel Vehicle Mechanic
Description: As a Light-Wheel Vehicle Mechanic for the Army National Guard you'll ensure that anything that moves on wheels is ready to hit the road. In this role, you will primarily be responsible for supervising (more...)
Company: Army National Guard
Location: Santa Rosa
Posted on: 12/17/2018

Electronics Engineer Staff Member for Electro-Optical Payloa
Description: Description:An Electronics Engineer Developing Test Systems will work as part of a team of hardware and software engineers in the complete development lifecycle of Special Test Equipment STE and Electrical (more...)
Company: Lockheed Martin
Location: Sunnyvale
Posted on: 12/17/2018

Project Engineer
Description: The Project Engineer is responsible for assisting the Project Manager with the coordination of the implementation of the project. Duties include maintaining certain aspects of the project schedule, managing (more...)
Company: Fairfield Residential
Location: Santa Rosa
Posted on: 12/17/2018

Senior Safety Engineer (Automotive and functional Safety)
Description: Baidu USA, located in Silicon Valley, is looking for embedded software developers to work on the Baidu autonomous driving team. Your primary focus will be analyze the safety requirement and propose the (more...)
Company: Baidu USA
Location: Sunnyvale
Posted on: 12/17/2018

Direct Client : " Kernel engineer/Device driver engineer" position" Jo
Description: We have an urgent job opening with our Direct client. Please go through the job description and let me know the following
Company: Infobahn Softworld Inc.
Location: San Jose
Posted on: 12/17/2018

Network Engineer
Description: What we're looking for: WhiteHat is looking for a Network Engineer to join our Technical Operations team in our San Jose, CA office. We are looking for an engineer with experience operating a large-scale (more...)
Company: WhiteHat Security
Location: San Jose
Posted on: 12/17/2018

Log In or Create An Account

Get the latest California jobs by following @recnetCA on Twitter!

Tracy RSS job feeds