Expoint - all jobs in one place


Wells Fargo Lead Application Security Engineer 
United States, New York, New York 
530568801

18.08.2024


In this role, you will:

In this role, you will lead, support and guide development teams in the implementation of key security capabilities including secure design, security requirements, threat modeling, static analysis, software composition analysis, and application security posture management / vulnerability management, for cloud and non-cloud application protection. Strong coding experience is required, though daily coding tasks are not part of this role:

  • Educate and Guide: Lead defense and application teams through attack scenarios, creating proof of concept when necessary, and provide remediation strategies for common security vulnerabilities (e.g., XSS, Parameter Tampering, SQL Injection, etc.).
  • Security Risk Assessment: Conduct assessments to ensure compliance with corporate security policies and best practices, identifying and mitigating vulnerabilities across networks, applications, and hardware.
  • Leadership and Communications: Provide leadership and technical guidance to engineering teams, manage complex security issues, and communicate risks and mitigation strategies to both technical and non-technical stakeholders.
  • Security Solutions: Develop and implement security solutions for complex operational and integration challenges, working closely with systems architects and application teams to ensure secure software design and deployment.
  • Collaboration and Implementation: Partner with the enterprise application security program and implement initiatives, including secure coding best practices, and support communication and progress tracking within application teams.
  • Vulnerability Management: Use tools like static analysis software (Checkmarx) to detect and remediate vulnerabilities, analyze trends, and report on vulnerability detection, remediation, and compliance.

Additional Duties:

  • Lead complex technology initiatives including those that are companywide with broad impact
  • Act as a key participant in developing standards and companywide best practices for engineering complex and large scale technology solutions for technology engineering disciplines
  • Design, code, test, debug, and document for projects and programs
  • Review and analyze complex, large-scale technology solutions for tactical and strategic business objectives, enterprise technological environment, and technical challenges that require in-depth evaluation of multiple factors, including intangibles or unprecedented technical factors
  • Make decisions in developing standard and companywide best practices for engineering and technology solutions requiring understanding of industry best practices and new technologies, influencing and leading technology team to meet deliverables and drive new initiatives
  • Collaborate and consult with key technical experts, senior technology team, and external industry groups to resolve complex technical issues and achieve goals
  • Lead projects, teams, or serve as a peer mentor


Required Qualifications:

  • 5+ years of Software Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • 5+ years of information security applications and systems experience
  • 5+ years of web applications experience


Desired Qualifications:

  • Expert understanding of the most common application security risks (OWASP Top 10, SANS/CWE Top 25)
  • Experience in developing applications in Java, .NET (preferred), C#, JavaScript, Python, or other modern OOP languages.
  • Experience with cloud security and environments (AWS, Azure, GCP) including cloud-native security tools and services.
  • Experience managing automated application security testing tools, including Static and Dynamic Application Security Testing (SAST/DAST) and Software Composition Analysis (SCA)
  • Provide strategic and tactical security guidance for secure application development, including the evaluation and recommendation of technical controls.
  • Experience with DevSecOps practices and tools, including integration of security into CI/CD pipelines.
  • Recommended application security certifications (one or more): CISSP, CCSP, CSSLP, OSCP/OSEP/OSWE, CEH/LPT, CPT/CEPT, CASS, CASE, CMWAPT, CRTOP, GIAC GEVA/GPEN/GWAPT/GCPN/GXPN/GMOB/GDAT
  • Experience with integrating application security tools into Enterprise vulnerability management systems (e.g., ServiceNow)
  • Deep understanding of secure application design principles, including the areas of authentication, authorization/least privilege, logging, encryption, data masking, data retention, and secure data transmission
  • Strong technical and business writing skills, plus the ability to effectively explain plans and solutions verbally to both technology and business units.
  • Direct or serve as a mentor to less experienced engineering staff.


Job Expectations:

  • Available for occasional after-hours technology support
  • 100% remote work option is not available.
  • Visa Sponsorship is not available for this position

Pay Range

$111,100.00 - $237,100.00

Wells Fargo provides eligible employees with a comprehensive set of benefits, many of which are listed below. Visit for an overview of the following benefit plans and programs offered to employees.

  • Health benefits
  • 401(k) Plan
  • Paid time off
  • Disability benefits
  • Life insurance, critical illness insurance, and accident insurance
  • Parental leave
  • Critical caregiving leave
  • Discounts and savings
  • Commuter benefits
  • Tuition reimbursement
  • Scholarships for dependent children
  • Adoption reimbursement

21 Aug 2024


Wells Fargo Recruitment and Hiring Requirements:

b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.