Application Security - Principal Engineer at Wells Fargo
Iselin, New Jersey, USA - Full Time


Start Date

Immediate

Expiry Date

07 Sep, 25

Salary

300000.0

Posted On

08 Jun, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Vulnerability, Threat Modeling, Fortify, Data Structures, Static Analysis, Security, Azure, Web, Network Security, CASE, Secure Code Review, Machine Learning, Cryptography, Agile, CSSLP, Supply Chain Security, CISSP, Software Development, Code Review, Security Testing

Industry

Information Technology/IT

Description

PAY RANGE

Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to achievements, skills, experience, or work location. The range listed is just one component of the compensation package offered to candidates.
$144,400.00 - $300,000.00

APPLICANTS WITH DISABILITIES

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo.

WELLS FARGO RECRUITMENT AND HIRING REQUIREMENTS:

a. Third-party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.

Responsibilities

Wells Fargo Application Security Secure Development (SecDev) is seeking a Principal Engineer to drive strategic efforts and lead engineering projects within the Application Security program. The ideal candidate should have a proven track record of successfully implementing Application Security controls and capabilities in CI / CD pipelines and driving agile Application Security outcomes (DevSecOps). The ideal candidate will be an industry-leading Subject Matter Expert (SME) in the Application Security domain and possess a mindset focused on creating proactive, preventative, and predictable solutions.

In this role, you will:

  • Lead complex cross-domain Application Security initiatives
  • Influence senior leadership and stakeholder decision-making regarding technical solution design or control implementation
  • Collaborate with Cybersecurity and Technology groups to improve automation and solve security concerns by accelerating reviews (make the secure path the easy path) and release into production
  • Review and identify opportunities and gaps in current SDLC and Application Security processes and controls
  • Provide technical subject matter expertise and thought leadership on secure software development, secure code review, static analysis, software composition analysis / supply chain security, threat modeling / security-by-design, AI security, cloud security and penetration testing
  • Define and optimize security requirements and secure design review processes
  • Prototype technical solutions and drive productization of innovative security solutions
  • Stay abreast of industry standards and innovation in the Application Security space
  • Drive a culture of innovation across Application Security
  • Provide mentoring and development to junior engineers

Required Qualifications:

  • 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education

Desired Qualifications:

  • 10+ years of experience in identifying security issues and risks, and developing mitigation plans
  • 7+ years - Development experience in more than one language (preferred Java or C# & .NET CORE development experience including the development of RESTful APIs)
  • 5+ years of automated / manual code review - secure code review, security peer review, static analysis (Checkmarx, Fortify, Semgrep, manual code review)
  • 5+ years of experience with secure DevOps and deployment automation
  • 5+ years - CI/CD integration experience
  • Deep hands-on technical expertise in at least two of the following areas: network security, embedded/hardware security, cryptography, web and network protocols, data structures and algorithms, software development, threat modeling, pen tests, or vulnerability assessments
  • Experience with supply chain security (SLSA, SCVS), Software Composition Analysis, and container security
  • Experience with Dynamic Analysis Security Testing (DAST), IAST or RASP
  • Experience with Artificial Intelligence security with a focus on Machine Learning and GenAI
  • Experience with SDLC and Agile methodologies
  • Experience with GCP and Azure security
  • Desired certifications: CISSP, CSSLP, CASP+, CASE, GSEC
  • Expert knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices

Job Expectations:

  • This position offers a hybrid work schedule
  • This position is not eligible for Visa sponsorship

Locations:

  • 1525 WT Harris Blvd, Charlotte, North Carolina 28262
  • 2600 S Price Rd, Chandler, Arizona 85286
  • 194 S Wood Ave, Iselin, NJ 08830