Lead Information Security Engineer – Vulnerability Operations Team – Engineering and Automation

​

Lead Information Security Engineer – Vulnerability Operations Team – Engineering and Automation

Department Overview:
Wells Fargo views information security as enabling lines of business to mitigate information security risk in accordance with our risk appetite. Through a framework that addresses policy, process, operations, people, and technology, Cybersecurity team protects our infrastructure, company data, and customer assets while ensuring alignment with applicable regulations and laws.

Our vision is to provide Wells Fargo with world-leading cyber security risk management.
 
The Cybersecurity Vulnerability & Patch Management (VPM) organization’s primary function is to safeguard the confidentiality, integrity, and availability of information systems, identity, and data assets by providing capabilities that empower the enterprise to maintain a resilient and secure environment.

The Vulnerability Operations Team (VO) within VPM leads multiple controls governing remediation of vulnerabilities in vendor software deployed on infrastructure assets across the enterprise footprint.

 
About the Role:
 

Our Vulnerability Operations team is looking for a Lead Information Security Engineer who can leverage strong engineering skills to identify complex vulnerabilities on software libraries or third-party components embedded in other products.

The individual in this role will leverage strong engineering skills to determine the products at systemic level attributes (example – filepaths, ports) executing the vulnerability, and other on-asset nuances.

The individual in this role will create repositories for these vulnerability patterns for mapping them to specific vulnerability. The individual in this role will also provide skills to address other engineering needs across the Vulnerability Operations controls.

The individual in this role will also be responsible for analyzing existing technical tasks performed by engineers and building tools to automate those tasks.  This will require identifying areas where efficiencies can be gained, understanding the existing process, and writing code/building tools that will automate the tasks.  To accomplish these goals, the candidate must possess advanced development/coding skills as well as advanced Server-side system administration/engineering/networking skills.

• Leads efforts to design, create and implement automation to support operational tasks.
• Provide security consulting on medium projects for internal clients to ensure conformity with corporate information, security policy, and standards.
• Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions.
• Utilize subject matter knowledge in industry leading security solutions and best practices while implementing solutions.
• Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals.
• Provide technical inputs to streamline or automate process and identify risk appropriately.
• Deliver projects to support technical and business solution individually with minimum guidance.
• Manage and monitor infrastructure and ensure it operates at optimal level.
• Participate in and respond reliably to user request/query and support on-call. Understand & analyze business requirements and deliver technical solution.
• Research new software development methodologies and technologies and analyzes their application to current development and integration needs.
• Maintain a broad understanding of security technologies and products. 
• Demonstrated detailed oriented self-starter and the ability to work independently with limited supervision and limited direction, and in collaborative team environments.
• The ability to provide support after normal business hours as needed.
• A strong ability to multi-task and manage varying priorities and projects.

Essential Qualifications:

• 10+ combined years’ experience in software or web development using:
  • Java 8+
  • C# using .NET Framework 4.5+, .NET Core 2.0+, or .NET 5+

• 5+ combined years’ experience in data wrangling and data analysis.

• 5+ years’ experience in Structured Query Language (SQL).

• 5+ combined years’ experience in software or web development using:
  • Python
  • Node.js
  • Visual C++
  • Ruby

• 5+ combined years’ experience in scripting or automation using:
  • Bourne Shell (sh), Bourne-Again Shell (bash), or KornShell (ksh)
  • PowerShell

• 5+ combined years’ experience in common web engines including:
  • Microsoft Internet Information Services (IIS)
  • Apache Tomcat
  • Apache HTTP Server
  • Oracle WebLogic Server
  • IBM WebSphere Application Server
  • IBM Open Liberty Server
  • Nginx
  • Red Hat Jboss Enterprise Application Platform

• 1+ combined years’ experience in:
  • Public cloud providers (emphasis on Google Cloud Platform and Microsoft Azure)
• Demonstrated excellent written and oral communication skills.

Desired Qualifications:

• 5+ combined years’ experience in:
  • Virtual Systems
  • Containerized workloads
  • Common container base layers
• Bachelor’s and/or Master’s degree in computer science or information systems
• Experience with Agile methodology of project delivery.
• Knowledge and understanding of Common Vulnerability Exposures (CVE) and Common Vulnerability Scoring System (CVSS) scoring.
• Ability to take initiative, identify opportunities and implement change.
• Ability to identify and manage complex issues and negotiate solutions within a geographically dispersed organization.
• Information Security technical skills and solid knowledge and understanding of information security practices and policies.

Posting End Date: 

*Job posting may come down early due to volume of applicants.

Applicants with Disabilities

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo.

Drug and Alcohol Policy

Wells Fargo maintains a drug free workplace.  Please see our Drug and Alcohol Policy to learn more.