Job Description

About Wells Fargo Wells Fargo & Company (NYSE: WFC) is a leading global financial services company with $2.0 trillion in assets and offices in over 37 countries. Founded in 1852 and headquartered in San Francisco, Wells Fargo provides asset management, capital raising and advisory, financing, foreign exchange, payments, risk management, and trade finance services to support customers who conduct business in the global economy. At Wells Fargo, we want to satisfy our customers\' financial needs and help them succeed financially. We also value the viewpoints of our team members and encourage them to be their best. Join our diverse and inclusive team where you will feel valued and inspired to contribute your unique skills and experience. We are looking for talented people who will put our customers at the center of everything we do. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you. Learn more at our . About Wells Fargo India enables global talent capabilities for Wells Fargo Bank NA., by supporting business lines and staff functions across Technology, Operations, Risk, Audit, Process Excellence, Automation and Product, Analytics and Modeling. We are operating in Hyderabad, Bengaluru and Chennai locations. Department Overview Cyber Security (CS) is part of Wells Fargo\'s Technology organization. Through a framework that addresses policy, process, operations, people and technology. ICS protects our infrastructure, company data, and customer assets while ensuring alignment with applicable regulations and laws. About Role: The Enterprise Application Security Program enhances the ability of the development organization to consistently deliver highly functional applications that are secure and resilient against attack by developing policies, processes, and tools to proactively embed security into Wells Fargo-developed applications. This position is a Lead Information Security Engineer will perform an Individual contributor role in Enterprise Application Security Program (EASP) contributing to EASP practices from Well Fargo India and Philippines. Responsibilities: Lead the Security Requirements stream and customize SDElements content and features as per Wells Fargo policies. Enhance Security requirements with relevant cloud controls. Develop and implement cloud security controls to mitigate identified risks. Contribute and enhance Security requirements with industry trends to enable Wells Fargo adopted technology advancements to align with Wells Fargo\'s risk Appetite. Review the team\'s deliverables, troubleshooting any issues and suggest ways to improve processes. Contribute to security coding guidelines stream for different programming languages including drafting, publishing, and providing appropriate code snippets. Understand the EASP program and its implementation across the organization, stay abreast with the changes to the program and suggest solutions for emerging threat landscape. Suggest and execute changes to the program and implement the changes to the enabling tools. Partner with the state side leads to understand requirements of the program and implement them in the practices and tools. Execute any EASP stream assigned from WFIP. Apply knowledge of information security and application development industry trends and technology to drive organizational change and position to properly manage and remediate vulnerabilities. Coach junior team members in the team to understand and deliver based on the requirements of the program. Essential Qualifications: 12 years of Overall IT experience 8+ years of Application Security Experience 3+ years of experience with all or some of the following practices like Security Requirements, Application Threat Modeling, Static Analysis, Application Security Risk Assessments, Security Design requirements. A solid knowledge of cloud security principles and technologies such as Azure, and Google Cloud Platform. Familiarity with cloud security best practices and the ability to implement them effectively is essential. Experience with cloud security technologies such as Azure, and Google Cloud Platform. Experience with programming languages such as Python. Expert level Knowledge and experience in working with various application security tools and systems. Knowledge and understanding of secure SDLC (System Development Life Cycle) methodologies. Experience in drafting application security coding standards. Expert level knowledge and experience in identifying and suggesting mitigations to OWASP top 10, CWE/SANS top 25 to development teams. Ability to develop expertise in Information Security Standards, Policies, Procedures and Controls. Ability to lead a stream and deliver as per the program needs. Ability to manage multiple priorities in a fast-paced dynamic environment. Advanced problem-solving skills, ability to develop effective long-term solutions to problems. Excellent verbal and written communication skills and stakeholder management. Excellent inter-personal skills contributing to cordial team environment. Certified in Industry cloud Certifications like CCSP or vendor specific certifications for Azure and GCP. Desired Skills: Excellent verbal, written, and interpersonal communication skills. Application security experience with banking/financial services applications or large enterprise. Strong analytical skills with high attention to detail and accuracy Ability to work effectively, as well as independently, in a team environment. Strong organizational, multi-tasking, and prioritizing skills Ability to meet time sensitive deadlines required. Ability to work collaboratively and build consensus is essential. Ability to make sound decisions and exercise good judgment. Ability to work and achieve goals without constant supervision. Ability to handle confidential material in a professional manner. Industry certification such as CSSLP and CEH. We Value Diversity At Wells Fargo, we believe in diversity, equity and inclusion in the workplace accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law. Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit\'s risk appetite and all risk and compliance program requirements. Candidates applying to job openings posted in US:All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process. Drug and Alcohol Policy Wells Fargo maintains a drug free workplace. Please see our to learn more.

foundit