**About this role:**

Wells Fargo is seeking an engineer experienced in remediating active vulnerabilities tied to infrastructure (non-application) software including but not limited to operating systems, embedded libraries, integrated development environments, .NET, Java, and other software installed on infrastructure assets throughout the organization. This role is part of the enterprise Cybersecurity governance team overseeing and driving timely remediation of vulnerability scan findings in concert with partners in each of the technology CIO organizations who are ultimately accountable for remediation. While this role is more governance than engineering on a daily basis, a strong background in the engineering aspects surrounding vulnerabilities will bolster the ability to drive results and to collaborate with all parties involved in cybersecurity vulnerability remediation.

This position will ensure products are aligned to the correct competency center and vulnerability remediation solutions are developed in a timely manner. This position will review all new and problematic solutions by engaging the necessary technical subject matter experts. In addition, this role will ensure vulnerabilities are assigned to the correct teams for remediation and ensure complex remediations are addressed in a timely manner. This position would be required to assist with data and reporting for Zero-Day Emergency events.

Broadly, success is based on timely vulnerability policy compliance, ability to drive resolution of challenges, and proactive escalation and visibility into items at risk or experiencing active issues. This role will address deliverables by taking data and knowledge from many different sources and assembling it into a coherent package for affected teams to quickly digest the actions needed. Use systems of records to merge, manipulate, analyze, and summarize data for senior leadership decision making.

**In this role, you will:**

+ Lead vulnerability management incident response activities for zero-day vulnerability events.

+ Execute one or more risk management controls to achieve successful ratings in all audits, risk management, and/or regulatory reviews.

+ Retain evidence and artifacts demonstrating the quality of execution of this work in support of audit and control reviews and quality assurance assessments.

+ Collaborate with partners in engineering and CIO organizations to investigate obstacles to timely remediation of vulnerabilities with a goal of identifying and helping to remove systemic blockers.

+ Design, document, test, maintain, and provide issue resolution recommendations for highly complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security.

+ Govern resolution of Google and Azure cloud vulnerabilities. Strong knowledge of cloud engineering concepts and the mechanics involved in preventing and remediating vulnerabilities in a cloud model.

+ Leverage your strong process design skills to refine existing procedures and practices for improvements to timeliness and and/or efficiency.

+ Provide security consulting for internal clients to ensure conformity with cybersecurity policy and standards.

+ Review security vulnerabilities and issues, collaborate on remediation alternatives, and hold remediation owners accountable for policy compliance.

+ Collaborate in defining requirements for the technology leveraged in delivery of our governance program.

+ Collaborate and influence all levels of professionals including managers with extremely strong spoken and written communications.

+ Provide leadership to achieve objectives surrounding tactical and strategic improvements to the enterprise infrastructure vulnerability management program.

+ Provide daily guidance to other team members involved in executing this control in a collaborative teamwork fashion.

+ Pursue the necessary training and stay abreast of regulatory and compliance issues.

+ Engage with all levels of professionals and managers companywide and serve as an experienced advisor to leadership.

+ Consult with leadership and security peers and experts on complex security issues and findings.

**Required Qualifications:**

+ 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, and/or education.

+ 3+ years of advanced Excel data wrangling/data analysis including pivot tables, light macros, intermediate formulas.

+ 2+ years of vulnerability management governance experience.

+ Extremely strong critical thinking and deductive reasoning skills.

+ Very strong communications skills to team members and leadership at all levels

**Desired Qualifications:**

+ 5+ combined years' experience in vulnerability management or ethical hacking.

+ Experience in software or web development using:- Java 8+- C# using .NET Framework 4.5+, .NET Core 2.0+, or .NET 5+ Experience in:- Virtual systems, including Vmware Horizon (for "WAVE" devices)- Containerized workloads

+ Experience in software or web development using Python, Node.js, Visual C++, Ruby

+ Experience in common web engines including:- Microsoft Internet Information Services (IIS)- Apache Tomcat- Apache HTTP Server- Oracle WebLogic Server- IBM WebSphere Application Server- IBM Open Liberty Server- Nginx- Red Hat Jboss Enterprise Application Platform

+ 1+ combined years' experience in Public cloud providers (emphasis on Google Cloud Platform and Microsoft Azure)

**Posting End Date:**

26 Apr 2024

***Job posting may come down early due to volume of applicants.**

**We Value Diversity**

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.

Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.

**Applicants with Disabilities**

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo .

**Drug and Alcohol Policy**

Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.

**Company:** WELLS FARGO BANK

**Req Number:** R-351969-2

**Updated:** Wed Apr 10 00:00:00 UTC 2024

**Location:** CHANDLER,Arizona