Full Job DescriptionAbout Wells Fargo
Wells Fargo & Company (NYSE: WFC) is a leading global financial services company headquartered in San Francisco (United States). Wells Fargo has offices in over 20 countries and territories. Our business outside of the U.S. mostly focuses on providing banking services for large corporate, government and financial institution clients. We have worldwide expertise and services to help our customers improve earnings, manage risk, and develop opportunities in the global marketplace. Our global reach offers many opportunities for you to develop a career with Wells Fargo. Join our diverse and inclusive team where you will feel valued and inspired to contribute your unique skills and experience. We are looking for talented people who will put our customers at the center of everything we do. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Market Job Description
About Wells Fargo India
Wells Fargo India enables global talent capabilities for Wells Fargo Bank NA., by supporting business lines and staff functions across Technology, Operations, Risk, Audit, Process Excellence, Automation and Product, Analytics and Modeling. We are operating in Hyderabad, Bengaluru and Chennai locations
Department Overview:
Wells Fargo views information security as enabling lines of business to mitigate information security risk in accordance with our risk appetite. Through a framework that addresses policy, process, operations, people, and technology, IS protects our infrastructure, company data, and customer assets while ensuring alignment with applicable regulations and laws.
Our vision is to provide Wells Fargo with world-leading cyber security risk management.
About
Role
:
You will be part of Secure Code Review team under IS organization to support five different lines of business in application security area. You will be performing Secure Code Reviews on different applications developed on Java, J2EE and the related frameworks/technologies for both server side and UI based applications. You will closely work with your immediate reporting manager, channel leads and the application owners.
Responsibilities
Performs security code reviews on various applications from an Information Security point of view and identify the security vulnerabilities within various related systems
Review code, design, interfaces within various related systems from an Information Security point of view
Issue disposition identified in Fortify FPR, manually review the code to identify the security vulnerabilities and prepare & submit Source Code Review report
Lead and guide a high performance team of security engineers focused on driving success of manual and automated static analysis security testing capabilities within the SCR Team
Provide the necessary guidance and oversight for establishing/maintaining effective quality of the reports delivered by the Jr engineers
Bring in coding practices, standards
Mentor developers from various teams to better their code in terms of efficiency, security and maintainability
Relate Organizational security standards to the code and design
Perform activities like risk analysis, impact analysis, interface agreements
Involve in team process and contribute to its improvement
Maintains an advanced awareness of bank security policies and government regulations pertaining to information security and participates in recommending changes to information security policy, standards and procedures as needed for SCR processes/systems/tools
Market Skills and Certifications
Essential Qualifications:
Expected 6+ years of overall experience in Information Security, IT systems or technology experience that includes direct experience in Security Code Reviews
3+ years of application Security Project(OWASP) Top 10 and SANS Common Weakness Enumeration Top 25
2+ years of web applications experience
3+ years of SAST(Static Analysis Software Testing) experience
3 years of experience in J2EE/JEE and/or .NET development, and/or secure code review/secure static code analysis
2 years of experience in J2EE/JEE and/or .NET development, and/or secure code review/secure static code analysis- missing
Strong relational database experience (SQL, PLSQL, Oracle 8i/9i/10g/11i)
Experience in reviewing code for security standards, coding standards and interface agreements
Strong skills in interacting with middleware, application servers and web servers
Superior organizational and time management skills
Excellent written and verbal communication skills
Desired Qualifications:
Experience in Information Security Engineering
We Value Diversity
At Wells Fargo, we believe in diversity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national or ethnic origin, age, disability, religion, sexual orientation, gender identity or any other status protected by applicable law. We comply with all applicable laws in every jurisdiction in which we operate. 66165