Senior Information Security Engineer for Application Security Scanning Process

About this role:

Wells Fargo is seeking Senior Information Security Engineer.

In this role, you will:

• Manage security automation tools with main focus on SCA (i.e. Checkmarx One, BlackDuck) and other tools in the ecosystem along with supporting operational management with regularly scheduled upgrade of the tools. Interface with various internal teams ServiceNow AVR, DevOps and vulnerability operations team to make sure SCA vulnerabilities are identified and recorded per the application security policies and guidance.
• This role is part of application security engineering team responsible for scanning code following the Wells Fargo established guidelines, secure development policies and procedures. This role will focus heavily on building and enhancing Software composition analysis (SCA) practice, help software developers at various Wells Fargo CIO teams to build faster, more securely, fine-tuning the tools, leveraging AI where possible to improve processes and services for optimal developer experience
• Collaborate with security architecture teams to design vulnerability management workflow, establish best practices and design guidance to optimize experience for developers
• Security training and outreach as needed for internal development teams
• Adversarial security analysis on various application security requirements as requested from various CIO teams, research and recommend cutting-edge tools and industry best practices.
• Work with application security governance teams, risk & compliance partners on audits (e.g., SOC 2, PCI-DSS) and recommending relevant policies.
• Collaborate with CTO pipeline teams to improve code quality and vulnerability detection on Open Source, code signing and SBOM creation
• Analyze, enhance, architect and support container security tools and platforms
• Design and build advanced security solutions to strengthen open-source software supply chains for effective automation and management.

Required Qualifications:

• 4+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education

Desired Qualifications:

• Experience in Security automation tools with main focus on SCA (i.e. Checkmarx One, BlackDuck)
• Solid Experience in OWASP Top 10 or CWE
• Good Knowledge in software development, experience in one or more of programming languages, .Net C#, Java, RUST, C++
• Ability to write automation scripts in Python, PowerShell to support internal projects
• Experience with CI/CD pipelines and related technologies (e.g., GitHub, Jenkins, Maven, Artifactory, Harness, Xray, Curation)
• Good understanding of Secure Software development lifecycle
• Demonstrated experience of communicating secure development concepts to non-technical audiences and the ability to achieve results through prolific communication skills.
• Demonstrated knowledge on Information Security related requirements in applications, secure development standards, and best practices.
• Demonstrated ability in publishing secure coding standards.
• Experience in Collaborating with cross functional teams to achieve results.
• Demonstrated experience in stakeholder management.
• Demonstrated experience of problem identification and solving skills.
• Superior Knowledge of AppSec security products.

Job Expectations:

• Detailed oriented must be able to create documentation on different SCA procedures and tool configuration.
• Familiarity and experience with AI tools supporting false positives reduction, auto code remediation, open-source threat intelligence would be preferred.
• Experience with Jira/Confluence is required
• Strong problem-solving and analytical skills
• Certification in information security (CISSP, CISM, CEH, etc.)
• Experience with container security working with technologies like k8s and container technologies such as OpenShift
• Experience generating Software Bill of Materials (SBOMs) using CycloneDX or SPDX, managing or utilizing dependency track
• From an application security perspective, knowledge of AI/ML and GenAI is essential for building robust defenses ​

Posting End Date: 

*Job posting may come down early due to volume of applicants.

We Value Equal Opportunity

Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.

Applicants with Disabilities

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo.

Drug and Alcohol Policy

Wells Fargo maintains a drug free workplace.  Please see our Drug and Alcohol Policy to learn more.

Wells Fargo Recruitment and Hiring Requirements:

a. Third-Party recordings are prohibited unless authorized by Wells Fargo.

b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.