CrawlJobs Logo

Lead Information Security Engineer

https://www.wellsfargo.com/ Logo

Wells Fargo

Location Icon

Location:
India, Bengaluru

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

Not provided
Save Job
Save Icon
Apply Position

Job Description:

Wells Fargo is seeking a Lead Information Security Engineer to provide deep technical guidance on secure coding, vulnerability remediation, threat modeling, and security tools. The role involves leading and enhancing the Satellite ASC enablement journey, participating in secure design reviews, and driving automated security tooling integrations in CI/CD. The candidate will also support the creation and tracking of security KPIs and metrics dashboards, help shape policy and control frameworks, and contribute to the governance and continuous improvement of the Satellite ASC Program.

Job Responsibility:

  • Provide deep technical guidance on secure coding, vulnerability remediation, threat modeling, and security tools
  • Serve as the escalation point for Satellite ASCs, ensuring QA/QC of findings, especially in high-risk and regulatory environments
  • Lead and continuously enhance the Satellite ASC enablement journey, including onboarding, advanced training, and mentorship
  • Participate in and lead secure design reviews, code analysis, and architecture consultations across multiple development teams
  • Drive and maintain automated security tooling integrations in CI/CD (e.g., SAST, SCA, secrets scanning, IaC reviews)
  • Support the creation and tracking of security KPIs and metrics dashboards, helping measure risk reduction and program impact
  • Help shape policy and control frameworks that balance developer velocity with security assurance
  • Contribute to the governance and continuous improvement of the Satellite ASC Program
  • Act as a senior advisor and technical lead for the Satellite ASC Program, helping define governance, oversight, and continuous improvement
  • Partner with Product, Engineering, and Risk leaders to define secure design patterns and control objectives for cloud and enterprise systems
  • Lead the review and escalation process for critical findings, ensuring alignment with enterprise risk tolerance
  • Coach and guide other Core ASCs to raise overall capability and impact of the Core ASC Center of Excellence

Requirements:

  • 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • 5+ years in application security, secure development, or DevSecOps roles
  • Strong experience with modern application architectures (e.g., cloud-native, microservices, APIs)
  • 5+ years of experience as application security champion
  • 1+ year of Fortify Code Analyzer experience
  • 1+ year of CheckMarx experience
  • 1+ year of Black Duck SCA experience
  • 1+ year of SAST (Static Analysis Software Testing) experience
  • Experience scaling security programs in federated or decentralized models
  • Certifications such as CSSLP, GWAPT, OSWE, or SANS/GIAC (GSSP, GWEB, etc.)
  • Experience working in Agile/DevOps environments using tools like GitHub, Jira, Azure DevOps
  • Familiarity with compliance frameworks (e.g., NIST, ISO 27001, CRI Profile)
  • Proficiency with static/dynamic analysis tools (e.g., SAST, DAST, SCA, GHAS) and manual code reviews
  • Familiarity with secure SDLC principles, threat modeling methodologies (STRIDE, PASTA), and OWASP standards
  • Excellent communication skills with experience mentoring developers or leading training efforts
  • Ability to manage competing priorities and influence teams without direct authority
  • Excellent verbal, written, and interpersonal communication skills
  • Ability to manage highly complex issues and negotiate solutions
  • Ability to interact and communicate effectively with all levels of an organization
  • including at the executive level

Nice to have:

  • Certifications such as CSSLP, GWAPT, OSWE, or SANS/GIAC (GSSP, GWEB, etc.)
  • Experience working in Agile/DevOps environments using tools like GitHub, Jira, Azure DevOps
  • Familiarity with compliance frameworks (e.g., NIST, ISO 27001, CRI Profile)
  • Proficiency with static/dynamic analysis tools (e.g., SAST, DAST, SCA, GHAS) and manual code reviews
  • Familiarity with secure SDLC principles, threat modeling methodologies (STRIDE, PASTA), and OWASP standards

Additional Information:

Job Posted:
August 04, 2025

Expiration:
August 30, 2025

Employment Type:
Fulltime
Work Type:
Hybrid work
Icon
View All Jobs In This Company
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon
Welcome to CrawlJobs.com
Your Global Job Discovery Platform
At CrawlJobs.com, we simplify finding your next career opportunity by bringing job listings directly to you from all corners of the web. Using cutting-edge AI and web-crawling technologies, we gather and curate job offers from various sources across the globe, ensuring you have access to the most up-to-date job listings in one place.
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Australia Jobs China Jobs Canada Jobs Mexico Jobs Portugal Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
© 2025 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy