Company Description
Top financial company.
Job Description
Locations: MN-Minneapolis; AZ-Chandler; NC-Charlotte;NC-Winston Salem; CA - San Francisco
Type: Contract
Duration: 3 months
Job description:
• Conduct dynamic application security testing using both manual and automated testing tools.
• Review test results from tools
• Ensure that automated tests are completed successfully
• Configure tools as required to be successful in evaluating VERA (Vendor remote access) applications
• Identify and remove any false positives from automated testing tool reports
• Triage & Disposition results and enforce a Bug Bar
• Verify/validate defect fixes
• Provide application security consulting SME Support to developers
• Assist developers with understanding of security defects and risk
• Assist in defining acceptable solution to fix defects
• Communicate Security risk to ISCs and ORCs to document security issues and controls for security planning purposes
• Help maintain Security Coding Standards and Bug Bar as required
• Assist in the Development of standards as required
• Provide training
• Stay up to speed on 3rd party (inside and outside Wells Fargo) known security vulnerabilities
• Develop and review malicious use cases/threat models
• Maintain a broad understanding of security technologies and products
• Actively participate on improving the security culture and education throughout the organization
Qualifications
Required skills:
• 5+ years of experience in security applications and systems
• Minimum of 5 years of Information Security Engineer/Consultant experience with application Penetration Testing.
• Minimum of 5 years of demonstrated experience with automated penetration tools
• Minimum of 5 years of demonstrated experience with manual Penetration Testing tools
• Demonstrated experience with creating and communication of reports regarding web application vulnerabilities to various level of personnel within a large organization
Desired skills:
• Advanced Information Security technical skills
• Ability to manage complex issues and develop solutions
• Excellent verbal and written communication skills
• Knowledge and understanding of application or software security such as: web application Penetration Testing, secure code review, secure static code analysis
• Knowledge and understanding of banking or financial services industry
• Experience working in a large enterprise environment
• Strong analytical skills with high attention to detail and accuracy
• Knowledge and understanding of information security industry standards and government regulations
• Ability to manage multiple and competing priorities
• Ability to work with limited supervision
• Ability to take on a high level of responsibility, initiative, and accountability
• Good attention to detail and accuracy skills
• Strong collaboration and partnering skills
• Demonstrated experience developing and reviewing malicious use cases/threat models
Job expectations
• Ability to work weekends and holidays as needed or scheduled
Candidate will be required to work onsite at certain facilities in these cities: MN-Minneapolis; AZ-Chandler; NC-Charlotte;NC-Winston Salem; CA - San Francisco
Additional Information
All your information will be kept confidential according to EEO guidelines.
**Please let me know if you might someone to refer or if you are interested for the role.
**Please reply with an updated copy of your resume and preferred time for a call.
**You can call me back at 303.945.3632.
Top financial company.
Job Description
Locations: MN-Minneapolis; AZ-Chandler; NC-Charlotte;NC-Winston Salem; CA - San Francisco
Type: Contract
Duration: 3 months
Job description:
• Conduct dynamic application security testing using both manual and automated testing tools.
• Review test results from tools
• Ensure that automated tests are completed successfully
• Configure tools as required to be successful in evaluating VERA (Vendor remote access) applications
• Identify and remove any false positives from automated testing tool reports
• Triage & Disposition results and enforce a Bug Bar
• Verify/validate defect fixes
• Provide application security consulting SME Support to developers
• Assist developers with understanding of security defects and risk
• Assist in defining acceptable solution to fix defects
• Communicate Security risk to ISCs and ORCs to document security issues and controls for security planning purposes
• Help maintain Security Coding Standards and Bug Bar as required
• Assist in the Development of standards as required
• Provide training
• Stay up to speed on 3rd party (inside and outside Wells Fargo) known security vulnerabilities
• Develop and review malicious use cases/threat models
• Maintain a broad understanding of security technologies and products
• Actively participate on improving the security culture and education throughout the organization
Qualifications
Required skills:
• 5+ years of experience in security applications and systems
• Minimum of 5 years of Information Security Engineer/Consultant experience with application Penetration Testing.
• Minimum of 5 years of demonstrated experience with automated penetration tools
• Minimum of 5 years of demonstrated experience with manual Penetration Testing tools
• Demonstrated experience with creating and communication of reports regarding web application vulnerabilities to various level of personnel within a large organization
Desired skills:
• Advanced Information Security technical skills
• Ability to manage complex issues and develop solutions
• Excellent verbal and written communication skills
• Knowledge and understanding of application or software security such as: web application Penetration Testing, secure code review, secure static code analysis
• Knowledge and understanding of banking or financial services industry
• Experience working in a large enterprise environment
• Strong analytical skills with high attention to detail and accuracy
• Knowledge and understanding of information security industry standards and government regulations
• Ability to manage multiple and competing priorities
• Ability to work with limited supervision
• Ability to take on a high level of responsibility, initiative, and accountability
• Good attention to detail and accuracy skills
• Strong collaboration and partnering skills
• Demonstrated experience developing and reviewing malicious use cases/threat models
Job expectations
• Ability to work weekends and holidays as needed or scheduled
Candidate will be required to work onsite at certain facilities in these cities: MN-Minneapolis; AZ-Chandler; NC-Charlotte;NC-Winston Salem; CA - San Francisco
Additional Information
All your information will be kept confidential according to EEO guidelines.
**Please let me know if you might someone to refer or if you are interested for the role.
**Please reply with an updated copy of your resume and preferred time for a call.
**You can call me back at 303.945.3632.