Principal Application Security Engineer

Job Title: Principal Application Security Engineer

Duration: 12+ Months

Location: Charlotte, NC / Dallas, TX / Minneapolis, MN / Phoenix, AZ Hybrid Role (3 days/week onsite)

In this role, you will:

Drive strategic efforts and lead transformative projects in the application security program. The ideal candidate will lead the charge in identifying and developing our next generation automation and application security solutions. The ideal candidate should have a proven track record of successfully bringing ideas to full production implementation in a large, complex environment. This person will be viewed as a Subject Matter Expert (SME) within the application security domain. This individual will possess a mindset focused on creating proactive, preventative, and predictable solutions.

The Application Security function within Cybersecurity is responsible for the secure software training, practices, and processes to address security risks across all phases of the Wells Fargo software development life cycle and prevent the introduction of unmanaged software security risks, through proactive code reviews, regulatory scanning, and advanced penetration testing techniques.

Key Responsibilities

:

Lead complex, cross-functional technology projects across Application Security

Present to and be able influence leadership and peer organizations

Collaborate with Cybersecurity and Technology groups to improve automation and enable secure development

Support the evolution of DevSecOps

Drive automation and integration of Application Security controls in the CI/CD pipeline

Provide mentoring and development to more junior and entry level engineering talent

Design, prototype, test and implement solutions to complex problems

Drive a culture of innovation across Application Security

Required Qualifications:

7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education

3+ years of Cloud experience (GCP, Azure, AWS)

5 + years Development experience in more than one language

3+ years of experience with secure DevOps and deployment automation to cloud environments

3 + years CI/CD integration experience

2+ years of ServiceNow Experience

Demonstrated experience in Penetration Testing

Demonstrated experience in determining root cause analysis for actionable SDLC security updates

Dynamic Analysis Security Testing (DAST) experience

Knowledge of Kubernetes Containerization Strategy

Static Analysis Security Testing (SAST) experience (Checkmarx, Fortify, Semgrep, manual code review, etc.)

Recent Java or C# & .NET CORE development experience including the development of RESTful APIs

Experience with SDLC and Agile methodologies

Expert knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices

Job Expectations:

Ability to Travel up to 10% of the time
#J-18808-Ljbffr