Senior Security Architect

• Lead in component architecture and participate in enterprise architecture activity
• Participate in the definition of future technology architecture and strategy
• Develop and maintain business system and corporate architectures
• Review and research complex technology and system assessments for component architecture
• Support implementation of moderate to complex projects and initiatives
• Produce project architecture designs
• Ensure applications adhere to established Wells Fargo standards, policies, methodologies and industry best practices
• Understand compliance and risk management requirements for supported areas
• Stay ahead of emerging technologies and capabilities in order to prepare and respond to customer needs and expectations
• Provide in-depth technical and systems consultation to internal clients and technical management to ensure alignment with the Enterprise Architecture
• Own end‑to‑end threat modeling for applications, services, and platforms—from intake through risk closure
• Partner with engineering and platform teams to understand architectures, data flows, trust boundaries, identities, and integrations
• Identify architectural and design‑level threats using established models and real‑world attack patterns
• Apply frameworks such as STRIDE, and map threats to OWASP Top 10, SANS Top 25, and MITRE ATT&CK where appropriate
• Clearly explain why design choices introduce risk and prioritize threats using internal risk scoring
• Recommend practical, architecture‑appropriate security controls and validate mitigations via design reviews, configurations, or code inspection
• Influence secure design decisions through collaboration and technical credibility—not authority
• Recognize recurring threat patterns and contribute to improving threat modeling standards, tooling, and practices
• Mentor engineers and raise the overall quality and consistency of threat modeling outcomes

• 4+ years of Architecture experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• Strong years of experience in Information Security, Application Security, or Security Architecture
• Proven experience of 4+ years independently driving threat modeling efforts across applications or platforms is must
• Experience working with at least one industry‑recognized threat modeling tool (Microsoft TMT, IriusRisk, ThreatModeler, OWASP Threat Dragon etc.)
• Solid understanding of OWASP Top 10 and SANS Top 25
• Secure design principles, common attack vectors, and architectural anti‑patterns
• Experience with STRIDE or other threat modeling frameworks
• Working knowledge of MITRE ATT&CK and its relevance to design‑level threats
• Comfortable reviewing architecture diagrams, design docs, and navigating code repositories (GitHub, TFS, etc.)
• Hands‑on experience reviewing code manually to identify and mitigate security risks
• Experience using JIRA and Confluence for tracking threat modeling activities
• Strong communication skills—able to clearly explain risk to engineers, architects, and leadership
• Experience with cloud‑native, platform, or GenAI/agentic architectures is a plus
• Ability to operate in fast‑paced environments while maintaining a high bar for quality and rigor.

Experience with cloud‑native, platform, or GenAI/agentic architectures is a plus