About Wells Fargo
Wells Fargo & Company (NYSE: WFC) is a leading global financial services company headquartered in San Francisco (United States). Wells Fargo has offices in over 30 countries and territories. Our business outside of the U.S. mostly focuses on providing banking services for large corporate, government and financial institution clients. We have worldwide expertise and services to help our customers improve earnings, manage risk, and develop opportunities in the global marketplace. Our global reach offers many opportunities for you to develop a career with Wells Fargo. Join our diverse and inclusive team where you will feel valued and inspired to contribute your unique skills and experience. We are looking for talented people who will put our customers at the center of everything we do. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Market Job Description
About Wells Fargo India
Wells Fargo Indiaenables global talent capabilities for Wells Fargo Bank NA., by supporting business lines and staff functions across Technology, Operations, Risk, Audit, Process Excellence, Automation and Product, Analytics and Modeling. We are operating in Hyderabad, Bengaluru and Chennai locations
Department Overview:
Wells Fargo views information security as enabling lines of business to mitigate information security risk in accordance with our risk appetite. Through a framework that addresses policy, process, operations, people, and technology, IS protects our infrastructure, company data, and customer assets while ensuring alignment with applicable regulations and laws.
Our vision is to provide Wells Fargo with world-leading cyber security risk management.
About Role:
You will be part of Secure Code Review team under IS organization to support five different lines of business in application security area. You will be performing Secure Code Reviews on different applications developed on Java, J2EE and the related frameworks/technologies for both server side and UI based applications. You will closely work with your immediate reporting manager, channel leads and the application owners.
Responsibilities
Performs security code reviews on various applications from an Information Security point of view and identify the security vulnerabilities within various related systems. Conducts security code review on various complex applications code, design & interfaces that are built on Java, J2EE, Struts, Spring, Hibernate, .NET VB .NET, ASP, C# and other related technologies/frameworks including database (Oracle, SQL) and UI technologies/frameworks. Issue disposition identified in MicroFocus Fortify FPR/Checkmarx, manually review the code to identify the security vulnerabilities and prepare & submit Source Code Review report Performs security code reviews on various applications from an Information Security point of view and identify the security vulnerabilities within various related systems Review code, design, interfaces within various related systems from an Information Security point of view Issue disposition identified in Fortify FPR, manually review the code to identify the security vulnerabilities and prepare & submit Source Code Review report
Maintains an advanced awareness of bank security policies and government regulations pertaining to information security and participates in recommending changes to information security policy, standards and procedures as needed for SCR processes/systems/tools.
Essential Qualifications:
Expected 4+ years of overall experience in Information Security, IT systems or technology experience that includes direct experience in Security Code Reviews
2+ years of application Security Project(OWASP) Top 10 and SANS Common Weakness Enumeration Top 25 2+ years of web applications experience 2+ years of SAST(Static Analysis Software Testing) experience 2 years of experience in J2EE/JEE and/or .NET development, and/or secure code review/secure static code analysis Strong relational database experience (SQL, PLSQL, Oracle 8i/9i/10g/11i) Experience in reviewing code for security standards, coding standards and interface agreements. Strong skills in interacting with middleware, application servers and web servers. Superior organizational and time management skills Excellent written and verbal communication skills
Market Skills and Certifications
We Value Diversity
At Wells Fargo, we believe in diversity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national or ethnic origin, age, disability, religion, sexual orientation, gender identity or any other status protected by applicable law. We comply with all applicable laws in every jurisdiction in which we operate. |
