Business Systems Consultant 5 - Automated Dynamic Application Security Testing Team

  • Competitive
  • San Francisco, CA, USA
  • Permanent, Full time
  • Wells Fargo US
  • 16 Dec 17 2017-12-16

Business Systems Consultant 5 - Automated Dynamic Application Security Testing Team

Job Description

Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle. Enterprise Information Security's (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo's infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.

Enterprise Information Security is seeking a Business Systems Consultant to support Automated Dynamic Application Security Testing.

In this role, you will also work with the DAST Manager, other BSCs, and the Information Security Leaders assigned to different CIO Areas to support the Automated Dynamic Application Security Testing (ADAST) program in each CIO area as well as to continuously ensure the timely and full completion of ADAST Testing of all applications in scope. Communication with the business security team, enterprise application security program, other enterprise information security partners, and development technology partners in each CIO area is critical in this role.

The Business Systems Consultant will:

  • Assist with communicating ADAST program information to various levels of personnel in security, technology, and business areas
  • Maintain test progression, test results, and other data in tracking tools for ADAST and DAST programs
  • Organize, prepare deliverables, and run various meetings for the ADAST and DAST programs program in individual CIO Areas
  • Coordinate tests with Wells Fargo EIS Security Testers and each CIO Area
  • Help maintain the ADAST and DAST program RACI document for individual CIO areas
  • Use an application selection methodology to select applications in scope for the ADAST Program in individual CIO areas
  • Maintain sharepoint sites for ADAST processes
  • Create Project Definition Documents (PDDs) for ADAST program in individual CIO Areas
  • Create Business Requirement Documents (BRDs) for ADAST program in individual CIO Areas
  • Assist with yearly scoping and scheduling exercise for the ADAST and DAST programs in individual CIO Areas
  • Assist with defining ADAST and DAST retest methodology in individual CIO Areas
  • Maintain process documentation for the ADAST and DAST programs
  • Improve processes related to the ADAST and DAST programs
  • Organize and hold meetings as required for ADAST and DAST programs
  • Assist with test and ADAST/DAST program issue escalation and problem resolution as required
  • Provide support of ADAST and DAST offshore resources
  • Create appropriate actionable metrics for EIS to provide visibility of summary and detailed level status
  • Interact with CIO Representatives in every LOB on a regular basis to provide status information, answer questions, and ensure the timely progression of tests
  • Meet with and provide updates to EIS management on issues and status regarding the ADAST and DAST programs
  • Follow-up with and research findings in the various defect tracking tools with the LOB representatives, CIO Representatives, and Information Security Engineers to support the ADAST and DAST programs
  • Follow-up with and research questions pertinent to the ADAST and DAST programs related processes, findings, tools, and tests
  • Prepare other ad hoc management level and audit material/documentation as required
Required Qualifications
  • 7+ years of business systems analysis experience, business systems design experience, or a combination of both
  • 6+ years of information security experience
  • 6+ years of SharePoint experience
  • 4+ years of experience communicating system vulnerabilities and remediation guidance to both technical and non-technical personnel
  • 4+ years of experience coordinating security testing engagements and tracking mitigation plans

Desired Qualifications
  • Excellent verbal, written, and interpersonal communication skills
  • Knowledge and understanding of technology project management: administrate and manage project schedules for multiple high profile implementation teams
  • Process definition and documentation experience
  • Knowledge and understanding of process flow or procedure writing
  • Ability to negotiate and facilitate issue resolution
  • Ability to work effectively in a team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important
  • Ability to take initiative and work independently with minimal supervision in a structured environment
  • Ability to negotiate, influence, and collaborate to build successful relationships
  • Ability to organize and manage multiple priorities
  • Ability to develop reports and metrics
  • Ability to identify and present processes/operational enhancements
  • Knowledge and understanding of information security principles, policies, and procedures

Job Expectations
  • Ability to work additional hours as needed
  • Ability to work nights, weekends, and/or holidays as needed or scheduled

    All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

    Relevant military experience is considered for veterans and transitioning service men and women.

    Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.