Dynamic Application Security Testing

Description: In this contingent resource assignment, you may: Consult on or participate in moderately complex initiatives and deliverables within Information Security Engineering and contribute to large-scale planning related to Information Security Engineering deliverables. Review and analyze moderately complex Information Security Engineering challenges that require an in-depth evaluation of variable factors. Contribute to the resolution of moderately complex issues and consult with others to meet Information Security Engineering deliverables while leveraging solid understanding of the function policies procedures and compliance requirements. Collaborate with client personnel in Information Security Engineering. Required Qualifications: 4 years of Information Security Engineering experience or equivalent demonstrated through one or a combination of the following: work or consulting experience training military experience education.

Skills: The Senior Information Security Engineer will:• Conduct Dynamic Application Security Testing (DAST) through manual testing and by using automated testing tools• Review test results from tools• Ensure that DAST tests are completed successfully• Identify and remove any false positives from automated testing tool reports • Triage & Disposition results and enforce a Bug Bar• Verify/validate defect fixes• Provide application security consulting SME Support to developers• Assist developers with understanding of security defects and risk• Assist in defining acceptable solution to fix defects• Stay up to speed on 3rd party (inside and outside Wells Fargo) known security vulnerabilities• Develop and review malicious use cases/threat models• Maintain a broad understanding of security technologies and products