About Wells Fargo
Wells Fargo & Company (NYSE : WFC) is a leading global financial services company headquartered in San Francisco (United States).
Wells Fargo has offices in over 20 countries and territories. Our business outside of the U.S. mostly focuses on providing banking services for large corporate, government and financial institution clients.
We have worldwide expertise and services to help our customers improve earnings, manage risk, and develop opportunities in the global marketplace.
Our global reach offers many opportunities for you to develop a career with Wells Fargo. Join our diverse and inclusive team where you will feel valued and inspired to contribute your unique skills and experience.
We are looking for talented people who will put our customers at the center of everything we do. Help us build a better Wells Fargo.
It all begins with outstanding talent. It all begins with you.
Market Job Description
About Wells Fargo India
Wells Fargo India enables global talent capabilities for Wells Fargo Bank NA., by supporting business lines and staff functions across Technology, Operations, Risk, Audit, Process Excellence, Automation and Product, Analytics and Modeling.
We are operating in Hyderabad, Bengaluru and Chennai locations.
Department Overview :
Wells Fargo views information security as enabling lines of business to mitigate information security risk in accordance with our risk appetite.
Through a framework that addresses policy, process, operations, people, and technology, IS protects our infrastructure, company data, and customer assets while ensuring alignment with applicable regulations and laws.
Our vision is to provide Wells Fargo with world-leading cyber security risk management.
Wells Fargo Secure Code Review (SCR) provides application vulnerability identification and also validation of remediated findings at the code level for critical applications used by Wells Fargo, from an automated and manual static analysis perspective.
This role is a key member of the Secure Code Review team who will help to further our malicious code review innovation capabilities in advancement of our static analysis competencies.
Position encompasses custom rule writing in both Fortify and Checkmarx, with potential to expand and / or cultivate skills in machine learning.
Position may additionally include detecting malicious code signatures through manual analysis of code and / or creating malicious code content for testing purposes.
Work with stakeholders throughout the organization to identify opportunities for using company data to drive automation and process improvement.
Leverage large data sets to find opportunity for process optimization, using models to test the effectiveness of different courses of action.
Mine and analyze data from systems of record to drive automation, continuous improvement and quality assurance.
Assess the effectiveness and accuracy of new data sources and data gathering techniques.
Performs security code reviews on various applications from an Information Security point of view and identify the security vulnerabilities within various related systems.
Review code, design, interfaces within various related systems from an Information Security point of view .
Issue disposition identified in Fortify FPR, manually review the code to identify the security vulnerabilities and prepare & submit Source Code Review report .
Lead and guide a high performance team of security engineers focused on driving success of manual and automated static analysis security testing capabilities within the SCR Team .
Submit patents, as appropriate, to protect your inventions.
Essential Qualifications :
6+ years of .net experience
6+ years of experience in.NET development, and / or secure code review / secure static code analysis
3+ years of experience with Checkmarx, Fortify SSC, AWB, SCA
3+ years of SAST(Static Analysis Software Testing) experience
3 years of experience in J2EE / JEE and / or .NET development, and / or secure code review / secure static code analysis
3+ years of application Security Project(OWASP) Top 10 and SANS Common Weakness Enumeration Top 25
3+ years of XML
Market Skills and Certifications
Desired Qualifications :
3+ years of experience with Checkmarx rule writing
3+ years of experience with CxSAST, CxAudit and CxQL
3+ years of experience with Fortify rule writing
Superior organizational and time management skills
Excellent written and verbal communication skills
Ability to manage complex issues and develop solutions
Knowledge and understanding of technology testing : web-based applications developed in Java or .net framework
Knowledge and understanding of design and development of modern web applications and mobile technologies
Ability to execute in a fast paced, high demand, environment while balancing multiple priorities
Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important
Ability to work independently
Ability to articulate issues, risks, and proposed solutions to various levels of staff and management
Ability to translate and present complex technical data across technical and non-technical groups
Outstanding problem solving skills
We Value Diversity
At Wells Fargo, we believe in diversity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national or ethnic origin, age, disability, religion, sexual orientation, gender identity or any other status protected by applicable law.
We comply with all applicable laws in every jurisdiction in which we operate.