Wells Fargo is seeking a Senior Information Security Engineer
In this role, you will:
- Lead or participate in computer security incident response activities for moderately complex events
- Conduct technical investigation of security related incidents and post incident digital forensics to identify causes and recommend future mitigation strategies
- Provide security consulting on medium projects for internal clients to ensure conformity with corporate information, security policy, and standards
- Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security
- Review and correlate security logs
- Utilize subject matter knowledge in industry leading security solutions and best practices to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity
- Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives
- Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals
Required Qualifications:
- 4+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
Desired Qualifications:
- 4+ years of Software Engineering / Information / Cybersecurity experience.
- 1+ year of deep Prisma Cloud Enterprise experience, or experience with a similar Cloud Security Posture Management tool
- Proven experience creating Prisma Cloud Enterprise custom policies via RQL, or experience with policy development for a similar Cloud Security Posture Management tool
- Extensive cloud Security knowledge of services, workloads, and hardening practices
- Knowledge/experience with scripting/automation languages such as Terraform, Python and/or PowerShell
- Strong verbal and written communication skills
- Proven ability to work independently, as well as having strong interpersonal skills to work effectively within a Team and with partner Teams.
- 2+ years of Kubernetes experience
- Experience in implementing security solutions in Google Cloud Platform or Microsoft Azure
- Experience with creation of Build policy subtype in Prisma Cloud Enterprise using YAML
- Knowledge and understanding of DevSecOps and deployment automation to cloud environment
- Familiarity with of various cloud security and related risk frameworks (COBIT, Cloud Security Alliance (CSA), FedRAMP, etc.)
- Experience enabling auto-remediation via Prisma Cloud
- Experience with IAM & Data protection expertise for monitoring and responding to related incidents.
- Expertise and experience with API driven automation of policy creation
- Expertise and experience with Infrastructure as Code (IaC) and/or Policy as Code (PaC) concepts/tools
- Experience with change and incident management practices in medium to large enterprise environments.
- Knowledge and understanding of Splunk and/or Google Chronicle.
- Security certifications such as Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), or equivalent.
- Microsoft Azure and/or Google Cloud Certifications.
- Knowledge and understanding of CIS and NIST Cybersecurity frameworks.
- Experience with Agile Scrum or Kanban methodologies.
Job Expectations:
- Leveraging your deep expertise in writing RQL queries to implement new policies to check for cloud resource misconfiguration/configuration drift.
- Ability to efficiently transform Information Security requirements into Prisma Cloud Enterprise policies both net new policy creation/development, as well as policy modifications/update.
- Implement changes to support the remediation or burn down of alerts/finding from Prisma Cloud Enterprise scanning.
- Be a motivated self-starter, quick to adapt and stay focused on delivering results in a fast-paced environment with aggressive deadlines.
- Working effectively with a virtual Team consisting of members across various locations in the U.S. and India.
Employment Type: Full Time, Permanent
Read full job description