About this role:

Wells Fargo is seeking a Information Security Engineering Manager

In this role, you will:

• Manage a team of engineers that design, document, test, maintain and provide issue resolution recommendations for highly complex security solutions related to networking, cryptography, cloud, authentication or directory services, email, internet, applications or endpoint security
• Manage security consulting on large projects for internal clients to ensure conformity with corporate information security policy, and standards
• Possess subject matter expertise at a mastery level in current and emerging security solutions and best practices
• Review and correlate security logs
• Manage computer security incident response activities for highly complex events
• Conduct technical investigation of security-related incidents, and conduct post-incident digital forensics to identify causes and recommend future mitigation strategies
• Manage implementation of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity
• Work with more experienced technologists and team
• Interface with more experienced management
• Manage allocation of people and financial resources for Information Security Architecture
• Mentor and guide talent development of direct reports and assist in hiring talent

• 4+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 2+ years of Leadership experience

• 10+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education.
• 6+ years of Application Security engineering / Implementation experience
• 4+ years of experience in working experience in the following security products: Checkmarx, Checkmarx One, Fortify, Invicti, Appscan, WebInspect, Nexus, Blackduck etc.
• 3+ years of managing, hiring, engagement and developing specialized application security engineers across platforms.
• 3+ years of DevSecOps / Automation experience
• Expertise in secure coding standards and agile secure SDLC and deep knowledge of EPL integration
• Well versed with application security vulnerabilities (OWASP) and remediation strategies.
• Bachelor's and/or master's degree in computer science or information Systems
• One or more professional certifications like CSSLP (Certified Secure Systems Lifecycle Professional), CISM or CISSP
• Superior attention to detail with excellent written and verbal communication skills.
• Strong understanding of intersection of Application Security domain and the latest development trends in API, Container and Cloud technologies.
• Comfortable with making and presenting recommendations to a wide audience of stakeholders
• Stay informed and educated on current and potential security threats and attacks.

• Demonstrated experience of communicating secure development concepts to non-technical audiences and the ability to achieve results through prolific communication skills.
• Demonstrated knowledge on Information Security related requirements in applications, secure development standards, and Best Practices.
• Demonstrated ability in publishing secure coding standards.
• Experience in Collaborating with cross functional teams to achieve results.
• Demonstrated experience in stakeholder management.
• Demonstrated experience of conflict resolution, negotiation and problem identification and solving skills.
• Superior Knowledge of AppSec security products

• Develop and maintain key application security platforms such as:
  • Static Application Security Testing (SAST)
  • Software Composition Analysis (SCA)
• Maintain relationship with 3rd party vendors and escalate any issues.
• Maintain visibility into industry solutions and constantly push the envelope for best-in-class capabilities.
• Focus on depth of security analysis, reduction of noise to developer teams, and thoughtful risk mitigation aligned to policy and the threat landscape.
• Manage, hire, and develop specialized application security engineers across platforms.
• Deliver on-time, high quality output in alignment to the Application Security product backlog in partnership with Product Managers and Product Owners.
• Collaborate and influence all levels of professionals including experienced managers.
• Manage implementation plans and proactively drive efficiency and innovation.
• Drive "shift-left" automated controls in the Secure Software Development Life Cycle (SSDLC)
• Implement ongoing product (internal and vendor) enhancements and fine-tuning of rules to increase the precision in identifying and prioritizing application security defects.
• Manage upgrades, resiliency, continuity, and compliance with enterprise standards.