Skills: "Need strong and deep experience with App Security and vulnerability management”
Drive strategic efforts and lead transformative projects in the application security program. The ideal candidate will lead the charge in identifying and developing our next generation automation and application security solutions. The ideal candidate should have a proven track record of successfully bringing ideas to full production implementation in a large, complex environment. This person will be viewed as a Subject Matter Expert (SME) within the application security domain. This individual will possess a mindset focused on creating proactive, preventative, and predictable solutions.
The Application Security function within Cybersecurity is responsible for the secure software training, practices, and processes to address security risks across all phases of the Wells Fargo software development life cycle and prevent the introduction of unmanaged software security risks, through proactive code reviews, regulatory scanning, and
advanced penetration testing techniques.
Key Responsibilities
- Lead complex, cross-functional technology projects across Application Security
- Present to and be able influence leadership and peer organizations
- Collaborate with Cybersecurity and Technology groups to improve automation and enable secure development
- Support the evolution of DevSecOps
- Drive automation and integration of Application Security controls in the CI/CD pipeline
- Provide mentoring and development to more junior and entry level engineering talent
- Design, prototype, test and implement solutions to complex problems
- Drive a culture of innovation across Application Security
Required Qualifications, US:
- 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
- 3+ years of Cloud experience (GCP, Azure, AWS)
Desired Qualifications:
- 5 + years – Development experience in more than one language
- 3+ years of experience with secure DevOps and deployment automation to cloud environments
- 3 + years – CI/CD integration experience
- 2+ years of ServiceNow Experience
- Demonstrated experience in Penetration Testing
- Demonstrated experience in determining root cause analysis for actionable SDLC security updates
- Dynamic Analysis Security Testing (DAST) experience
- Knowledge of Kubernetes Containerization Strategy
- Static Analysis Security Testing (SAST) experience (Checkmarx, Fortify, Semgrep, manual code review, etc.)
- Recent Java or C# & .NET CORE development experience including the development of RESTful APIs
- Experience with SDLC and Agile methodologies
- Expert knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices
Job Expectations:
- Ability to Travel up to 10% of the time