Info Security Engineer
Hyderabad, Telangana, India
4d ago

About Wells Fargo

Wells Fargo & Company (NYSE : WFC) is a leading global financial services company headquartered in San Francisco (United States).

Wells Fargo has offices in over 20 countries and territories. Our business outside of the U.S. mostly focuses on providing banking services for large corporate, government and financial institution clients.

We have worldwide expertise and services to help our customers improve earnings, manage risk, and develop opportunities in the global marketplace.

Our global reach offers many opportunities for you to develop a career with Wells Fargo. Join our diverse and inclusive team where you will feel valued and inspired to contribute your unique skills and experience.

We are looking for talented people who will put our customers at the center of everything we do. Help us build a better Wells Fargo.

It all begins with outstanding talent. It all begins with you.

Market Job Description

About Wells Fargo India

Wells Fargo India enables global talent capabilities for Wells Fargo Bank NA., by supporting business lines and staff functions across Technology, Operations, Risk, Audit, Process Excellence, Automation and Product, Analytics and Modeling.

We are operating in Hyderabad, Bengaluru and Chennai locations.

Department Overview :

Wells Fargo views information security as enabling lines of business to mitigate information security risk in accordance with our risk appetite.

Through a framework that addresses policy, process, operations, people, and technology, IS protects our infrastructure, company data, and customer assets while ensuring alignment with applicable regulations and laws.

Our vision is to provide Wells Fargo with world-leading cyber security risk management.


Wells Fargo Secure Code Review (SCR) provides application vulnerability identification and also validation of remediated findings at the code level for critical applications used by Wells Fargo, from an automated and manual static analysis perspective.

This role is a key member of the Secure Code Review team who will help to further our malicious code review innovation capabilities in advancement of our static analysis competencies.

Position encompasses custom rule writing in both Fortify and Checkmarx, with potential to expand and / or cultivate skills in machine learning.

Position may additionally include detecting malicious code signatures through manual analysis of code and / or creating malicious code content for testing purposes.

Responsibilities :

Work with stakeholders throughout the organization to identify opportunities for using company data to drive automation and process improvement.

Leverage large data sets to find opportunity for process optimization, using models to test the effectiveness of different courses of action.

Mine and analyze data from systems of record to drive automation, continuous improvement and quality assurance.

Assess the effectiveness and accuracy of new data sources and data gathering techniques.

Performs security code reviews on various applications from an Information Security point of view and identify the security vulnerabilities within various related systems.

Review code, design, interfaces within various related systems from an Information Security point of view .

Issue disposition identified in Fortify FPR, manually review the code to identify the security vulnerabilities and prepare & submit Source Code Review report .

Lead and guide a high performance team of security engineers focused on driving success of manual and automated static analysis security testing capabilities within the SCR Team .

Submit patents, as appropriate, to protect your inventions.

Essential Qualifications :

6+ years of .net experience

6+ years of experience in.NET development, and / or secure code review / secure static code analysis

3+ years of experience with Checkmarx, Fortify SSC, AWB, SCA

3+ years of SAST(Static Analysis Software Testing) experience

3 years of experience in J2EE / JEE and / or .NET development, and / or secure code review / secure static code analysis

3+ years of application Security Project(OWASP) Top 10 and SANS Common Weakness Enumeration Top 25

3+ years of XML

Market Skills and Certifications

Desired Qualifications :

3+ years of experience with Checkmarx rule writing

3+ years of experience with CxSAST, CxAudit and CxQL

3+ years of experience with Fortify rule writing

Superior organizational and time management skills

Excellent written and verbal communication skills

Ability to manage complex issues and develop solutions

Knowledge and understanding of technology testing : web-based applications developed in Java or .net framework

Knowledge and understanding of design and development of modern web applications and mobile technologies

Ability to execute in a fast paced, high demand, environment while balancing multiple priorities

Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important

Ability to work independently

Ability to articulate issues, risks, and proposed solutions to various levels of staff and management

Ability to translate and present complex technical data across technical and non-technical groups

Outstanding problem solving skills

We Value Diversity

At Wells Fargo, we believe in diversity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national or ethnic origin, age, disability, religion, sexual orientation, gender identity or any other status protected by applicable law.

We comply with all applicable laws in every jurisdiction in which we operate.


Report this job

Thank you for reporting this job!

Your feedback will help us improve the quality of our services.

My Email
By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
Application form