Principal Application Security Engineer

1 month ago Be among the first 25 applicants Job Title: Principal Application Security Engineer Duration: 12+ Months Location: Charlotte, NC / Dallas, TX / Minneapolis, MN / Phoenix, AZ – Hybrid Role (3 days/week onsite) In this role, you will: Drive strategic efforts and lead transformative projects in the application security program. The ideal candidate will lead the charge in identifying and developing our next generation automation and application security solutions. The ideal candidate should have a proven track record of successfully bringing ideas to full production implementation in a large, complex environment. This person will be viewed as a Subject Matter Expert (SME) within the application security domain. This individual will possess a mindset focused on creating proactive, preventative, and predictable solutions. The Application Security function within Cybersecurity is responsible for the secure software training, practices, and processes to address security risks across all phases of the Wells Fargo software development life cycle and prevent the introduction of unmanaged software security risks, through proactive code reviews, regulatory scanning, and advanced penetration testing techniques. Key Responsibilities: Lead complex, cross-functional technology projects across Application Security Present to and influence leadership and peer organizations Collaborate with Cybersecurity and Technology groups to improve automation and enable secure development Support the evolution of DevSecOps Drive automation and integration of Application Security controls in the CI/CD pipeline Provide mentoring and development to junior and entry-level engineering talent Design, prototype, test, and implement solutions to complex problems Drive a culture of innovation across Application Security Required Qualifications: 7+ years of Engineering experience or equivalent demonstrated through work experience, training, military experience, or education 3+ years of Cloud experience (GCP, Azure, AWS) 5+ years of development experience in more than one language 3+ years of experience with secure DevOps and deployment automation to cloud environments 3+ years of CI/CD integration experience 2+ years of ServiceNow experience Experience in Penetration Testing Experience in root cause analysis for SDLC security updates Experience with Dynamic Analysis Security Testing (DAST) Knowledge of Kubernetes containerization strategy Experience with Static Analysis Security Testing (SAST) tools (Checkmarx, Fortify, Semgrep, manual review) Recent Java or C# & .NET CORE development experience, including RESTful APIs Experience with SDLC and Agile methodologies Strong understanding of information security practices, policies, frameworks, and standards Job Expectations: Ability to travel up to 10% of the time Seniority level

Mid-Senior level Employment type

Full-time Job function

Other Industries

IT Services and IT Consulting

#J-18808-Ljbffr