Principal Engineer - Application Security

About this role:

Wells Fargo is seeking a Principal Engineer. We believe in the power of working together because great ideas can come from anyone. Through collaboration, any employee can have an impact and make a difference for the entire company. Explore opportunities with us for a career in a supportive environment where you can learn and grow.

In this role, you will:

• Act as an advisor to leadership to develop or influence and drive application security for highly complex business and technical needs across multiple groups
• Lead the strategy and resolution of highly complex and unique challenges requiring in-depth evaluation across multiple areas or the enterprise, delivering solutions that are long-term, large-scale and require vision, creativity, innovation, advanced analytical and inductive thinking
• Translate advanced technology experience, an in-depth knowledge of the organizations tactical and strategic business objectives, the enterprise technological environment, the organization structure, and strategic technological opportunities and requirements into technical engineering solutions
• Provide vision, direction and expertise to leadership on implementing innovative and significant business solutions
• Maintain knowledge of industry best practices and new technologies and recommends innovations that enhance operations or provide a competitive advantage to the organization
• Strategically engage with all levels of professionals and managers across the enterprise and serve as an expert advisor to leadership

Required Qualifications:

• 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education

Desired Qualifications:

• Bachelors degree in computer science, Information Security, or a related field - or equivalent work experience.
• 7 + years of progressive experience in application security, with a focus on securing complex web and mobile applications.
• Secure Software Development Lifecycle (SSDLC): Drive continuous improvement in Secure SDLC Requirements, Security Code Review, Static Application Security Testing (SAST), Software Composition Analysis (SCA), Secretes Detection Process, Container Security & Supply Chain Security embedding security in every stage of the builddeployoperate loop and driving shift-left initiatives.
• Cloud Security: Expertise in cloud security concepts and practices, with hands-on experience in cloud-native environments (e.g., AWS, Azure, GCP).
• Expertise in Security Tooling: Proven experience modernizing application security tools Checkmarx, Black Duck, GitHub Advanced Security (GHAS), ServiceNow AVR, Secret Detection, PRISMA, Threat Modeling (Microsoft TMT/ Threat Modeler)
• Security Framework: Deep understanding of web application security vulnerabilities OWASP Top10, SANS top 25, NIST 800-53, advanced attack techniques, and mitigation strategies.
• Advanced Security Architecture: Strong ability to design and implement security solutions that improve vulnerability management, developer experience, and integrate Security Tools seamlessly into CI/CD pipelines using Jenkins
• Application Development Frameworks: Strong knowledge of web and mobile application frameworks, languages, and technologies Java/.NET, Python & Gen AI.
• Governance & Compliance Knowledge: Experienced in working with application security governance teams and risk & compliance partners on audits (e.g., SOC 2, PCI-DSS) and providing recommendations for relevant policies.
• Strategic Leadership: Demonstrated capability to drive technology strategy, modernization initiatives, GenAI adoption, and establish reusable architectural patterns for secure development.
• Professional certifications in cyber security CISSP/CSSLP/CISM and active participation in industry forums or associations are highly desirable.
• Proven experience conducting advanced application security assessments, including code reviews and architecture reviews.
• Strong scripting or programming skills for automation and tooling (e.g., Python, Bash, PowerShell).
• Leader that can influence, motivate, and direct a workgroup to achieve results.
• Excellent communication skills both verbal and written.
• Project leadership with the ability to prioritize multiple assignments and / or deliverables.

Job Expectations:

• Modernize Security Tools: Enhance Checkmarx, Black Duck, ServiceNow AVR, and secret detection solutions; transform SAST with GenAI Tools.
• Architect Advanced Solutions: Design and implement security workflows for vulnerability management, container security, and open-source supply chain protection.
• Enable Secure Development: Integrate security into CI/CD pipelines, improve developer experience, and automate SBOM generation.
• Strengthen Supply Chain & Container Security: Enforce controls on third-party packages, secure container images, and support container security platforms.
• Enhance SCA Practices: Improve Black Duck scanning, SBOM features, and package blocking.
• Governance & Compliance: Collaborate on audits (SOC 2, PCI-DSS) and recommend security policies.
• Strategic Leadership: Drive modernization, GenAI adoption, and standardization of security solutions across teams.