Information Security Engineering Senior Manager

About this role:

Wells Fargo is seeking an Information Security Engineering Senior Manager for our Application Security Team.

*In this role, you will:*

• Provide Program Leadership & Operational Execution, Technical & Security Leadership
• Lead day-to-day operational execution of Application Security programs
• Partner with leadership on strategy development and execution
• Coordinate and implement assigned projects and initiatives
• Establish and track performance goals and operational metrics for self and team
• Monitor team deliverables to ensure timeliness, quality, and alignment with expectations
• Strengthen integration of AppSec controls across enterprise tools and CI/CD pipelines
• Improve workflow alignment between Security Architecture and Application Security functions
• Design and implement repeatable, scalable, and automated AppSec processes
• Drive prioritization frameworks aligned with enterprise risk and business objectives
• Enhance transparency and reporting of AppSec processes, execution status, and outcomes
• Provide hands-on technical leadership in tooling integration, automation, and process execution
• Lead implementation of shift-left security strategies while maintaining strong developer experience within Wells Fargo’s internal tooling ecosystem
• Recommend mitigation strategies for identified application security risks
• Serve as an AppSec representative in cross-functional governance and technical forums
• Partner with AppSec governance teams to support control development, validation, and testing
• Collaborate with control management and cybersecurity leadership to design new security controls
• Support internal and external audits, regulatory reviews, and third-party assessments
• Implement ongoing product (internal and vendor) enhancements and fine-tuning of rules to increase the precision in identifying and prioritizing application security defects.
• Manage upgrades, resiliency, continuity, and compliance with enterprise standards.

*Required Qualifications:*

• 7+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 3+ years of management or leadership experience
• 3+ years managing teams of 10–12 application security engineers
• Deep expertise across core Application Security domains SAST, DAST, SCA, Secrets management and detection
• Strong experience integrating SAST, DAST, and SCA tools into SDLC workflows and source code repositories
• Deep expertise across core Application Security domains SAST, DAST, SCA, Secrets management and detection, Infrastructure as Code (IaC)
• Proven experience evaluating and managing multiple AppSec tooling vendors
• Advanced knowledge of GitHub, Jira, ServiceNow, Jenkins, Harness, and CI/CD ecosystems
• Strong understanding of OWASP standards and MITRE CVE/CWE frameworks
• Extensive experience implementing and maturing Secure Software Development Lifecycle (SSDLC) practices across Agile and custom development frameworks
• Familiarity with AI/LLM-enabled development tooling (e.g., Cursor, GitHub Copilot, custom LLM integrations), including auto-remediation capabilities using AI, and governance considerations
• Demonstrated ability to lead cross-functional initiatives, drive workflow integration, and prioritize enterprise-level initiatives
• Strong leadership skills with the ability to foster a collaborative, high-performance team culture grounded in continuous learning and improvement
• Excellent written, verbal, and executive-level presentation skills
• Proven leadership in highly regulated environments with strong project and program management capabilities

*Desired Qualifications:*

• 5 + years – Development experience in more than one language
• 3 + years of using the IaC to configure, build, and deploy
• 2+ years of DevSecOps / Automation experience
• Relevant industry certifications such as CISM, CISSP, CSSLP, or equivalent
• Hands-on experience with vendor tools Checkmarx, Blackduck, Prisma, Trufflehog, GHAS, Synk, Socket
• Experience developing customization in .NET core, ASP. Net, API development and custom services
• Master’s degree or equivalent bachelor’s in information technology, Cybersecurity, Computer Science, or related discipline (or equivalent professional experience and certifications)

*Job Expectations:*

• This position offers a hybrid work schedule
• This position is not eligible for Visa sponsorship

*Salary Ranges:*

• $159,000 - $254,000 - Charlotte, NC
• $159,000 - $254,000 - Chandler, AZ
• $159,000 - $254,000 - Irving, TX
• $191,000 - $305,000 - Iselin, NJ
• $191,000 - $305,000 - San Francisco, CA

Pay Range

Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to demonstrated examples of prior performance, skills, experience, or work location. Employees may also be eligible for incentive opportunities.

$159,000.00 - $305,000.00

Benefits

Wells Fargo provides eligible employees with a comprehensive set of benefits, many of which are listed below. Visit Benefits - Wells Fargo Jobs for an overview of the following benefit plans and programs offered to employees.

• Health benefits
• 401(k) Plan
• Paid time off
• Disability benefits
• Life insurance, critical illness insurance, and accident insurance
• Parental leave
• Critical caregiving leave
• Discounts and savings
• Commuter benefits
• Tuition reimbursement
• Scholarships for dependent children
• Adoption reimbursement

Posting End Date:

21 Apr 2026

*Job posting may come down early due to volume of applicants.

We Value Equal Opportunity

Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Applicants with Disabilities

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo.

Drug and Alcohol Policy

Wells Fargo maintains a drug free workplace.  Please see our Drug and Alcohol Policy to learn more.

Wells Fargo Recruitment and Hiring Requirements:

a. Third-Party recordings are prohibited unless authorized by Wells Fargo.

b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.

For more details click Job Post.