Principal Engineer Application Security Enablement

at  Wells Fargo

APPLICANTS WITH DISABILITIES

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo .

WELLS FARGO RECRUITMENT AND HIRING REQUIREMENTS:

a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process

Required Qualifications:

• 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, educatio

Desired Qualifications:

• Advanced knowledge of OWASP Top 10 / SANS 25
• 7 + years - Development experience in more than one language (preferred Java or C# & .NET CORE development experience including the development of RESTful APIs)
• 7+ years of experience with DevSecOps and deployment automation
• 5+ years of CI / CD integration experience
• 2+ years of cloud security experience
• Demonstrated expert-level experience in one or more of the following AppSec capabilities: SAST, SCA, DAST, Secrets Scanning, IAST, Penetration Testing, Threat Modeling
• Experience with Checkmarx One and ServiceNow AVR
• Ability to influence complex technical solutions to senior leaders, matrix teams, and business unit partner

Wells Fargo is seeking a Principal Engineer to support Application Security Enablement. The Principal Engineer will lead engineering on Continuous Integration/Continuous Delivery (CI/CD) security tooling optimization (Static Application Security Testing - SAST, Software Composition Analysis - SCA, Dynamic Application Security Testing - DAST, Interactive Application Security Testing - IAST, etc.) In addition will lead strategic efforts to shift security left design approach in the Software Development Life Cycle (SDLC). Engage and present comprehensive strategies to senior leadership, while influencing leadership and peer organizations. To drive plans, will collaborate with Cybersecurity teams and Technology groups to improve automated security capabilities and improve developer experience. Drive a culture of innovation across Application Security including lead Application Security’s Engineering Guild, train Application Security Champions, and mentor junior engineers. Present quick response prototype PoC solutions and demonstrate viability. Lead projects to productize solutions and implement them within the enterprise.

In this role, you will:

• Act as an advisor to leadership to develop or influence applications, network, information security, database, operating systems, or web technologies for highly complex business and technical needs across multiple groups
• Lead the strategy and resolution of highly complex and unique challenges requiring in-depth evaluation across multiple areas or the enterprise, delivering solutions that are long-term, large-scale and require vision, creativity, innovation, advanced analytical and inductive thinking
• Translate advanced technology experience, an in-depth knowledge of the organizations tactical and strategic business objectives, the enterprise technological environment, the organization structure, and strategic technological opportunities and requirements into technical engineering solutions
• Provide vision, direction and expertise to leadership on implementing innovative and significant business solutions
• Maintain knowledge of industry best practices and new technologies and recommends innovations that enhance operations or provide a competitive advantage to the organization
• Strategically engage with all levels of professionals and managers across the enterprise and serve as an expert advisor to leadership

Required Qualifications:

• 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education

Desired Qualifications:

• Advanced knowledge of OWASP Top 10 / SANS 25
• 7 + years - Development experience in more than one language (preferred Java or C# & .NET CORE development experience including the development of RESTful APIs)
• 7+ years of experience with DevSecOps and deployment automation
• 5+ years of CI / CD integration experience
• 2+ years of cloud security experience
• Demonstrated expert-level experience in one or more of the following AppSec capabilities: SAST, SCA, DAST, Secrets Scanning, IAST, Penetration Testing, Threat Modeling
• Experience with Checkmarx One and ServiceNow AVR
• Ability to influence complex technical solutions to senior leaders, matrix teams, and business unit partners

Job Expectations:

• Ability to travel up to 10% of the time.
• Ability to work onsite in the office in a hybrid model.
• This position is not eligible for Visa Sponsorship

Locations:

• Charlotte, NC
• Chandler, AZ
• Iselin, NJ