Senior Information Security Analyst - Application Security Champion

About Wells Fargo:

Wells Fargo is a leading financial services company committed to helping customers, businesses, and communities thrive. We are looking for talented individuals to join our team and contribute to our mission of providing exceptional service and innovative solutions.

About this role:

Wells Fargo is seeking a Senior Information Security Engineer to join our dynamic team in Bengaluru. This role is crucial in safeguarding our applications and systems through robust security practices.

Key Responsibilities:

• Lead and participate in comprehensive computer security incident response activities for moderately complex events, ensuring swift and effective resolution.
• Conduct thorough technical investigations of security-related incidents, including post-incident digital forensics, to identify root causes and recommend future mitigation strategies.
• Provide expert security consulting on medium-sized projects for internal clients, ensuring strict conformity with corporate information security policies and established standards.
• Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions across various domains, including networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security.
• Review and correlate security logs to identify potential threats and anomalies.
• Leverage subject matter expertise in industry-leading security solutions and best practices to implement and enhance key information security components such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity.
• Proactively identify security vulnerabilities and issues, perform comprehensive risk assessments, and evaluate remediation alternatives to strengthen our security posture.
• Collaborate and consult effectively with peers, colleagues, and managers to resolve complex issues and achieve team and organizational goals.

Job Expectations:

• Review and evaluate security requirements and security design submissions from application teams, approving or rejecting based on established criteria and comparison to systems of record.
• Provide essential information security consultation to enhance awareness and ensure compliance with the Enterprise Application Security Program (EASP) policy, processes, and standards.
• Perform remediation of security assessment review issues and generate reports to support EASP risk management initiatives.
• Offer guidance and direction in reviewing assessment findings and implementing mitigating controls to optimize application security.
• Validate Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) scans, and recommend appropriate fixes to development teams.
• Engage in collaborative efforts with peers, colleagues, and managers to resolve issues and achieve shared objectives.
• Interact effectively with teammates across all Lines of Business to foster a secure and compliant environment.

Required Qualifications:

• A minimum of 4 years of experience in Information Security Engineering, or equivalent demonstrated through a combination of work experience, training, military experience, or education.

Desired Qualifications:

• A minimum of 4 years of Application Security Champion experience, or equivalent demonstrated through a combination of work experience, training, military experience, or education.
• A minimum of 4 years of overall Information/Cyber security experience, coupled with a bachelor's degree or higher in Engineering, Computer Science, or Information Technology.
• At least 2 years of experience in one or more of the following practices: Security Requirements, Application Threat Modeling, Static Analysis, Application Security Risk Assessments, or Security Design requirements.
• Demonstrated knowledge and experience in identifying and suggesting mitigations for OWASP Top 10 and CWE/SANS Top 25 vulnerabilities for development teams.
• Proven ability to manage multiple priorities effectively in a fast-paced, dynamic environment.
• Advanced problem-solving skills with the ability to develop effective, long-term solutions to complex issues.
• Excellent verbal and written communication skills.
• Exceptional inter-personal skills that contribute to a cordial and productive team environment.
• Solid knowledge and understanding of secure System Development Life Cycle (SDLC) methodologies.
• Experience in drafting application security coding standards.
• Capability to manage highly complex issues and negotiate robust solutions.
• Proficiency in Application Security threat management and mitigation domains.
• Prior application security experience with banking or financial services applications is highly desirable.
• Possession of industry-renowned certifications such as CISSP, CSSLP, CEH, or equivalent.