Application Security - Principal Engineer 141278-NC-CIC Customer Information Ctr, United States Wells Fargo Committed to the financial health of our customers and communities. Explore bank accounts, loans, mortgages, investing, credit cards & banking services» View all jobs at Wells Fargo Wells Fargo Application Security Secure Development (SecDev) is seeking a Principal Engineer to drive strategic efforts and lead engineering projects within the Application Security program. The ideal candidate should have a proven track record of successfully implementing Application Security controls and capabilities in CI / CD pipelines and driving agile Application Security outcomes (DevSecOps ). The ideal candidate will be an industry-leading Subject Matter Expert (SME) in the Application Security domain and possess a mindset focused on creating proactive, preventative, and predictable solutions. In this role, you will: Lead complex cross-domain Application Security initiatives Influence senior leadership and stakeholder decision-making regarding technical solution design or control implementation Collaborate with Cybersecurity and Technology groups to improve automation and solve security concerns by accelerating reviews (make the secure path the easy path) and release into production Review and identify opportunities and gaps in current SDLC and Application Security processes and controls Provide technical subject matter expertise and thought leadership on secure software development, secure code review, static analysis, software composition analysis / supply chain security, threat modeling / security-by-design, AI security, cloud security and penetration testing Define and optimize security requirements and secure design review processes Prototype technical solutions and drive productization of innovative security solutions Stay abreast of industry standards and innovation in the Application Security space Drive a culture of innovation across Application Security Provide mentoring and development to junior engineers Required Qualifications: 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education Desired Qualifications: 10+ years of experience in identifying security issues and risks, and developing mitigation plans 7 + years – Development experience in more than one language (preferred Java or C# & .NET CORE development experience including the development of RESTful APIs) 5+ years of automated / manual code review – secure code review, security peer review, static analysis (Checkmarx, Fortify, Semgrep, manual code review) 5+ years of experience with secure DevOps and deployment automation 5+ years – CI/CD integration experience Deep hands-on technical expertise in at least two of the following areas: network security, embedded/hardware security, cryptography, web and network protocols, data structures and algorithms, software development, threat modeling, pen tests, or vulnerability assessments Experience with supply chain security (SLSA, SCVS) Software Composition Analysis, and container security Experience with Dynamic Analysis Security Testing (DAST), IAST or RASP Experience with Artificial Intelligence security with a focus on Machine Learning and GenAI Experience with SDLC and Agile methodologies Experience with GCP and Azure security Desired certifications: CISSP, CSSLP, CASP+, CASE, GSEC Expert knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices Job Expectations: This position offers a hybrid work schedule This position is not eligible for Visa sponsorship Locations: 1525 WT Harris Blvd, Charlotte, North Carolina 28262 194 S Wood Ave, Iselin, NJ 08830 Pay Range Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to achievements, skills, experience, or work location. The range listed is just one component of the compensation package offered to candidates. $144,400.00 - $300,000.00 About this role: Wells Fargo Application Security Secure Development (SecDev) is seeking a Principal Engineer to drive strategic efforts and lead engineering projects within the Application Security program. The ideal candidate should have a proven track record of successfully implementing Application Security controls and capabilities in CI / CD pipelines and driving agile Application Security outcomes (DevSecOps ). The ideal candidate will be an industry-leading Subject Matter Expert (SME) in the Application Security domain and possess a mindset focused on creating proactive, preventative, and predictable solutions. In this role, you will: Lead complex cross-domain Application Security initiatives Influence senior leadership and stakeholder decision-making regarding technical solution design or control implementation Collaborate with Cybersecurity and Technology groups to improve automation and solve security concerns by accelerating reviews (make the secure path the easy path) and release into production Review and identify opportunities and gaps in current SDLC and Application Security processes and controls Provide technical subject matter expertise and thought leadership on secure software development, secure code review, static analysis, software composition analysis / supply chain security, threat modeling / security-by-design, AI security, cloud security and penetration testing Define and optimize security requirements and secure design review processes Prototype technical solutions and drive productization of innovative security solutions Stay abreast of industry standards and innovation in the Application Security space Drive a culture of innovation across Application Security Provide mentoring and development to junior engineers Required Qualifications: 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education Desired Qualifications: 10+ years of experience in identifying security issues and risks, and developing mitigation plans 7 + years – Development experience in more than one language (preferred Java or C# & .NET CORE development experience including the development of RESTful APIs) 5+ years of automated / manual code review – secure code review, security peer review, static analysis (Checkmarx, Fortify, Semgrep, manual code review) 5+ years of experience with secure DevOps and deployment automation 5+ years – CI/CD integration experience Deep hands-on technical expertise in at least two of the following areas: network security, embedded/hardware security, cryptography, web and network protocols, data structures and algorithms, software development, threat modeling, pen tests, or vulnerability assessments Experience with supply chain security (SLSA, SCVS) Software Composition Analysis, and container security Experience with Dynamic Analysis Security Testing (DAST), IAST or RASP Experience with Artificial Intelligence security with a focus on Machine Learning and GenAI Experience with SDLC and Agile methodologies Experience with GCP and Azure security Desired certifications: CISSP, CSSLP, CASP+, CASE, GSEC Expert knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices Job Expectations: This position offers a hybrid work schedule This position is not eligible for Visa sponsorship Locations: 1525 WT Harris Blvd, Charlotte, North Carolina 28262 2600 S Price Rd, Chandler, Arizona 85286 194 S Wood Ave, Iselin, NJ 08830 Pay Range Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to achievements, skills, experience, or work location. The range listed is just one component of the compensation package offered to candidates. $144,400.00 - $300,000.00 Benefits Wells Fargo provides eligible employees with a comprehensive set of benefits, many of which are listed below. VisitBenefits - Wells Fargo Jobs for an overview of the following benefit plans and programs offered to employees. Health benefits 401(k) Plan Paid time off Disability benefits Life insurance, critical illness insurance, and accident insurance Parental leave Critical caregiving leave Discounts and savings Commuter benefits Tuition reimbursement Scholarships for dependent children Adoption reimbursement Posting End Date: 19 Jun 2025 *Job posting may come down early due to volume of applicants. We Value Equal Opportunity Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic. Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements. Applicants with Disabilities To request a medical accommodation during the application or interview process, visitDisability Inclusion at Wells Fargo . Drug and Alcohol Policy Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more. Wells Fargo Recruitment and Hiring Requirements: a. Third-Party recordings are prohibited unless authorized by Wells Fargo. b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process. Find even more open roles below ordered by popularity of job title or skills/products/technologies used. #J-18808-Ljbffr Cyber Crime
Are you ready to join a dynamic team that is revolutionizing drug discovery? We are seeking an innovative Senior Scientist, Computational Chemistry to contribute to cutting-edge small molecule programs targeting GPCRs. If you're passionate about leveraging advanced...
...various customer-required certifications. Who are we?This is a great opportunity to join a growth-oriented company within the aerospace industry that has been in business for over 100 years! We specialize in manufacturing aluminum and magnesium products for...
...during aircraft maintenance. # Identifies, protects, and preserves piece parts and articles undergoing maintenance in accordance with RSM/QCM and company policies and procedures. # Assures parts, products and materials that are installed meet regulatory requirements....
...personal and professional growth for direct reports Persuasively presenting concepts and projects, both internally and to clients in writing, in person, or over video chat. Following processes for proofing and company brand compliance. Ensuring brand tone-of-voice...
...you the opportunity to make a difference at one of the world's top health and wellness companies as you assume a key role as a WordPress Developer for our Corporate Communications Department. We foster an open, energizing and collaborative environment and our team is made...