the smart solution for Charlotte jobs

Info Security Engineer 5 - Application Incident Response & Research

Company: Wells Fargo
Location: Charlotte
Posted on: May 19, 2019

Job Description:

Job Description
At Wells Fargo, we have one goal: to satisfy our customers' financial needs and help them achieve their dreams. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you. Enterprise Finance & Information Technology offers technology and services that exceed Wells Fargo customers' expectations and directly enable them to succeed financially. We interact with customers more than 12 billion times a year through in-store, online, ATM, and telephone transactions. We impact customers directly, through systems availability and security, as well as indirectly, through our business partners who offer and deliver a myriad of products and services that meet customers' financial needs. We provide a competitive advantage for the company through excellence in fundamentals, integrated partnerships, and our talented and engaged team members.The engineer will be responsible for providing thorough and accurate research of application security risks in their research of 0day vulnerabilities and application incidents. The engineer will play a major role in application incident response activities, including developing indicators of compromise, exploit signatures, and patch analysis requiring regular collaboration with various defensive and offensive teams within the organization. Performs application security incident response and vulnerability research activities and technical investigations of application security related incidents. Partners with senior level engineers to identify security vulnerabilities and respond to incidents. Acts as professional ethical penetration tester utilizing hacking tools to modify or create proof of concept exploits that mimic techniques of attackers to identify vulnerabilities and associate with a severity rating by deriving impact and ease of exploit.Performs security risk assessments to ensure compliance with corporate information security policies and adherence to best practices. Conducts research, analysis, testing and implementation of complex web applications and firmware vulnerabilities. Identifies security vulnerabilities for the company's, application systems, application dependencies, including hardware infrastructure and emerging technologies to improve the enterprise information security posture. Communicates to the line of business, CIO areas, and relevant third parties on the inherent risks, providing meaningful hardening and mitigation strategies. Provides guidance and leadership to Information Security Engineers and acts as a mentor for these engineers interested in penetration testing and offensive security. This position is a part of the Cyber Threat Management - Application Incident Response and Research team.Responsibilities include:

  • Incident management for 0day application vulnerabilities
  • Creation of 0day identification tools
  • Identification of 0day application vulnerabilities
  • Conducting web-based application penetration tests
  • Source code audits
  • Hands-on technical security evaluations and implementations
  • Developing custom penetration testing techniques and tools.
  • Install, configure, use and maintain testing tools as well as vulnerable applications/environments
  • Manually verify security vulnerabilities
  • Document identified 0day vulnerabilities and related matters in a clear, concise and timely manner
  • Meet with the application teams to review, describe and explain identified security vulnerabilities and possible remediation
  • Retest application updates or deployed remediation logic to verify resolution of security vulnerabilities
  • Update documentation as required
  • Maintain electronic or paper trail of testing activity for audit purposes
  • Maintain confidentiality of authentication credentials, sensitive application information and test results before, during and after completion of compliance testing and/or retesting
  • Providing adhoc penetration testing as necessary
  • Providing application security consulting SME Support to developers
  • Providing for root cause analysis and incident management investigation
  • Providing security training as required
  • Stay up to speed on 3rd party (inside and outside Wells Fargo) known security vulnerabilities
  • Develop and review malicious use cases/threat models
  • Maintain a broad understanding of security technologies and products
  • Actively participate on improving the security culture and education throughout the organization.

    Required Qualifications
    • 7+ years of information security applications and systems experience
    • 2+ years of experience creating proof of concepts, creating exploits, or a combination of both
    • 2+ years of experience in one or a combination of the following: Java, .net MVC via application development, exploit development via an interactive testing model or a source code vulnerability analysis model.
    • 1+ year 0day vulnerability discovery and research experience.

      Desired Qualifications
      • Advanced Information Security technical skills and understanding of information security practices and policies
      • Ability to manage complex issues and develop solutions
      • Excellent verbal and written communication skills
      • Experience working in a large enterprise environment
      • Ability to manage multiple and competing priorities
      • Ability to take on a high level of responsibility, initiative, and accountability
      • Ability to work with limited supervision
      • Good attention to detail and accuracy skills
      • Knowledge and understanding of banking or financial services industry
      • Knowledge and understanding of information security industry standards and government regulations
      • Strong analytical skills with high attention to detail and accuracy
      • Strong collaboration and partnering skills
      • Strong organizational, multi-tasking, and prioritizing skills
      • Certifications in one or more of the following: Global Information Assurance Certification (GIAC), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), or Offensive Security Web Expert (OSWE)

        Other Desired Qualifications
        • 2+ years of information security experience in converged testing (red teaming)
        • 1+ year of experience in network, social, and physical domains

          Job Expectations
          • Ability to work outside of regular business hours


            All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

            Relevant military experience is considered for veterans and transitioning service men and women.
            Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.

Keywords: Wells Fargo, Charlotte , Info Security Engineer 5 - Application Incident Response & Research, Engineering , Charlotte, North Carolina

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category

Other Engineering Jobs

Senior QA Engineer
Description: Job Title Senior QA Engineer Location
Company: Charter Global, Inc.
Location: Charlotte
Posted on: 05/26/2019

Info Security Engineer 5
Description: Info Security Engineer 5 Job DescriptionAt Wells Fargo, we have one goal: to satisfy our customers' financial needs and help them achieve their dreams. We're looking for talented people who will put our (more...)
Company: Wells Fargo
Location: Winston Salem
Posted on: 05/26/2019

Current College Students - Engineering Internship - MetaMask (Summer 2019)
Description: ConsenSys is a venture production studio focused on building and scaling tools and enterprise software products powered by Ethereum. Our mission is to use these solutions to power the emerging economic, (more...)
Company: Consensys
Location: Greensboro
Posted on: 05/26/2019

Info Security Engineer 5 - Threat Signature Services
Description: Job Description At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We're looking for talented people who will put our customers at the center of everything (more...)
Company: Wells Fargo
Location: Charlotte
Posted on: 05/26/2019

Corporate Account Engineer
Description: Overview Our growing company is seeking to hire a Corporate Account Engineer who will be responsible for managing all engineering and commercial aspects of MEC's relationships with our key client, Volvo (more...)
Company: MEC (Mayville Engineering Company, Inc.)
Location: Greensboro
Posted on: 05/26/2019

Firmware Development Engineer - Charlotte
Description: We are currently seeking an experienced Firmware Development Engineer to join our team in our Charlotte NC 28273 location.-- -- Who We Are : LS Energy Solutions is an affiliate of LSIS, Korea's major (more...)
Company: LS Energy Solutions LLC
Location: Charlotte
Posted on: 05/26/2019

DevOps Engineer
Description: Title DevOps Engineer Location Charlotte, NC Duration 12 Months Job description Our client is assisting a company with the automation delivery
Company: Veritis Group, Inc.
Location: Charlotte
Posted on: 05/26/2019

Manufacturing Mechanic - Sheet Metal Fabrication
Description: Overview 2nd SHIFT APPRENTICE LEVEL: The Mfg Apprentice SM is an entry level position that to be utilized as a training role for inexperienced employees hired to learn the Sheet Metal Fabrication function. (more...)
Company: HAECO Americas
Location: Greensboro
Posted on: 05/26/2019

Internet / Web Engineer - Consultant
Description: Title Internet Web Engineer - Consultant Mandatory skills Internet information Services, IIS, SQL Server, MS SQL SQL Server Integration Services, SSIS MS SQL Server 2008, SQL Server 2008 Network Security, (more...)
Location: Columbia
Posted on: 05/26/2019

Description: bonus mechanic service trucks public transportation bus rail para transit br br KEOLIS IS HIRING EXPERIENCED MECHANCIS FOR GREENSBORO, NC: br CURRENTLY OFFERING A SIGN ON BONUS AND UP TO 2500 IN (more...)
Company: Keolis Transit America, Inc.
Location: Greensboro
Posted on: 05/26/2019

Log In or Create An Account

Get the latest North Carolina jobs by following @recnetNC on Twitter!

Charlotte RSS job feeds