Lead Information Security Engineer - Application Security - SAST

About Role:

The Enterprise Application Security Program enhances the ability of the development organization to consistently deliver highly functional applications that are secure and resilient against attack by developing policies, processes, and tools to proactively embed security into Wells Fargo-developed applications. This position is a Lead Information Security Engineer will perform an Individual contributor role in Secure Software Group (SSG) contributing to EASP practices from Well Fargo India

Responsibilities:

• Lead the Static Application Security Testing (SAST) practice by enabling scanning tools, preset analysis/customization and processes.
• Contribute to security coding guidelines for different programming languages.
• Understand the EASP program and its implementation across the organization and stay abreast with the changes to the program.
• Enable the program by creating, on-boarding, maintaining, and supporting SAST tools in EASP.
• Suggest and execute changes to the program and implement the changes to the enabling tools.
• Integrate with the state side leads to understand requirements and implement them in the practices and tools.
• Develop and leverage the ability to execute any EASP stream assigned.
• Associate with Application Security Champions, Architects and Application development teams in Governance, oversight and enablement of EASP.
• Apply knowledge of information security and application development industry trends and technology to drive organizational change and position to properly manage and remediate vulnerabilities.
• Coach junior team members in the team to understand and deliver based on the requirements of the program.

Essential Qualifications:

• 10+ years of Overall IT experience
• 8+ years of application security Experience
• 3+ years of SAST experience (including but not limited to Configuring and Running Scans, Vulnerability analysis, Preset analysis and customization) with preferably Checkmarx or any other SAST tool.
• 3+ years of experience with all or some of the following practices like Security Requirements, Application Threat Modeling, Static Analysis, Application Security Risk Assessments, Security Design requirements.
• Knowledge and experience in working with various application security tools and systems.
• Knowledge and experience in identifying and suggesting mitigations to OWASP top 10, CWE/SANS top 25 to development teams.
• Knowledge and understanding of secure SDLC (System Development Life Cycle) methodologies.
• Ability to manage multiple priorities in a fast-paced dynamic environment.
• Advanced problem-solving skills, ability to develop effective long-term solutions to problems.
• Excellent verbal and written communication skills
• Excellent inter-personal skills contributing to cordial team environment.
• Certified in Industry renowned certifications like CSSLP, CEH etc.,

Desired Skills:

• A Bachelor’s degree or higher in information technology
• Experience in drafting application security coding standards.
• Ability to manage highly complex issues and negotiate solutions.
• Knowledge and understanding of Application security threat management and mitigation.
• Application security experience with banking/financial services applications.
• Knowledge and understanding of threat modeling and assessment of potential and current information security risk/threats.