In this role, you will:
- Provide deep technical guidance on secure coding, vulnerability remediation, threat modeling, and security tools
- Serve as the escalation point for Satellite ASCs, ensuring QA/QC of findings, especially in high-risk and regulatory environments
- Lead and continuously enhance the Satellite ASC enablement journey, including onboarding, advanced training, and mentorship
- Participate in and lead secure design reviews, code analysis, and architecture consultations across multiple development teams
- Drive and maintain automated security tooling integrations in CI/CD (e.g., SAST, SCA, secrets scanning, IaC reviews)
- Support the creation and tracking of security KPIs and metrics dashboards, helping measure risk reduction and program impact
- Help shape policy and control frameworks that balance developer velocity with security assurance
- Contribute to the governance and continuous improvement of the Satellite ASC Program
- Act as a senior advisor and technical lead for the Satellite ASC Program, helping define governance, oversight, and continuous improvement
- Partner with Product, Engineering, and Risk leaders to define secure design patterns and control objectives for cloud and enterprise systems
- Lead the review and escalation process for critical findings, ensuring alignment with enterprise risk tolerance
- Coach and guide other Core ASCs to raise overall capability and impact of the Core ASC Center of Excellence
Required Qualifications:
- 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
Desired Qualifications:
- 5+ years in application security, secure development, or DevSecOps roles
- Strong experience with modern application architectures (e.g., cloud-native, microservices, APIs)
- 5+ years of experience as an application security champion
- 1+ year of Fortify Code Analyzer experience
- 1+ year of Checkmarx experience
- 1+ year of Black Duck SCA experience
- 1+ year of SAST (Static Analysis Software Testing) experience
- Experience scaling security programs in federated or decentralized models
- Certifications such as CSSLP, GWAPT, OSWE, or SANS/GIAC (GSSP, GWEB, etc.)
- Experience working in Agile/DevOps environments using tools like GitHub, Jira, Azure DevOps
- Familiarity with compliance frameworks (e.g., NIST, ISO 27001, CRI Profile)
- Proficiency with static/dynamic analysis tools (e.g., SAST, DAST, SCA, GHAS) and manual code reviews
- Familiarity with secure SDLC principles, threat modeling methodologies (STRIDE, PASTA), and OWASP standards
- Excellent communication skills with experience mentoring developers or leading training efforts
- Ability to manage competing priorities and influence teams without direct authority
- Excellent verbal, written, and interpersonal communication skills
- Ability to manage highly complex issues and negotiate solutions
- Ability to interact and communicate effectively with all levels of an organization, including at the executive level
Job Expectations:
- Ability to work additional hours as needed
- Meet in-office expectations (currently 3 days in-office per week average)
30 Aug 2025
Wells Fargo Recruitment and Hiring Requirements:
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.