Information Security Engineering Senior Manager

Wells Fargo
Iselin, NJ
$159,000 - $305,000
Hybrid

About The Position

About this role: Wells Fargo is seeking an Information Security Engineering Senior Manager for our Application Security Team.

Requirements

  • 7+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • 3+ years of management or leadership experience
  • 3+ years managing teams of 10–12 application security engineers
  • Strong experience integrating SAST, DAST, and SCA tools into SDLC workflows and source code repositories
  • Deep expertise across core Application Security domains: SAST, DAST, SCA, secrets management and detection, and Infrastructure as Code (IaC)
  • Proven experience evaluating and managing multiple AppSec tooling vendors
  • Advanced knowledge of GitHub, Jira, ServiceNow, Jenkins, Harness, and CI/CD ecosystems
  • Strong understanding of OWASP standards and MITRE CVE/CWE frameworks
  • Extensive experience implementing and maturing Secure Software Development Lifecycle (SSDLC) practices across Agile and custom development frameworks
  • Familiarity with AI/LLM-enabled development tooling (e.g., Cursor, GitHub Copilot, custom LLM integrations), including auto-remediation capabilities using AI, and governance considerations
  • Demonstrated ability to lead cross-functional initiatives, drive workflow integration, and prioritize enterprise-level initiatives
  • Strong leadership skills with the ability to foster a collaborative, high-performance team culture grounded in continuous learning and improvement
  • Excellent written, verbal, and executive-level presentation skills
  • Proven leadership in highly regulated environments with strong project and program management capabilities

Nice To Haves

  • 5+ years of development experience in more than one language
  • 3+ years of using IaC to configure, build, and deploy
  • 2+ years of DevSecOps / Automation experience
  • Relevant industry certifications such as CISM, CISSP, CSSLP, or equivalent
  • Hands-on experience with vendor tools: Checkmarx, Black Duck, Prisma, TruffleHog, GHAS, Snyk, Socket
  • Experience developing customizations in .NET Core, ASP.NET, API development, and custom services
  • Master’s degree or equivalent bachelor’s in Information Technology, Cybersecurity, Computer Science, or related discipline (or equivalent professional experience and certifications)

Responsibilities

  • Provide Program Leadership & Operational Execution, Technical & Security Leadership
  • Lead day-to-day operational execution of Application Security programs
  • Partner with leadership on strategy development and execution
  • Coordinate and implement assigned projects and initiatives
  • Establish and track performance goals and operational metrics for self and team
  • Monitor team deliverables to ensure timeliness, quality, and alignment with expectations
  • Strengthen integration of AppSec controls across enterprise tools and CI/CD pipelines
  • Improve workflow alignment between Security Architecture and Application Security functions
  • Design and implement repeatable, scalable, and automated AppSec processes
  • Drive prioritization frameworks aligned with enterprise risk and business objectives
  • Enhance transparency and reporting of AppSec processes, execution status, and outcomes
  • Provide hands-on technical leadership in tooling integration, automation, and process execution
  • Lead implementation of shift-left security strategies while maintaining strong developer experience within Wells Fargo’s internal tooling ecosystem
  • Recommend mitigation strategies for identified application security risks
  • Serve as an AppSec representative in cross-functional governance and technical forums
  • Partner with AppSec governance teams to support control development, validation, and testing
  • Collaborate with control management and cybersecurity leadership to design new security controls
  • Support internal and external audits, regulatory reviews, and third-party assessments
  • Implement ongoing product (internal and vendor) enhancements and fine-tuning of rules to increase the precision in identifying and prioritizing application security defects.
  • Manage upgrades, resiliency, continuity, and compliance with enterprise standards.

Benefits

  • Health benefits
  • 401(k) Plan
  • Paid time off
  • Disability benefits
  • Life insurance, critical illness insurance, and accident insurance
  • Parental leave
  • Critical caregiving leave
  • Discounts and savings
  • Commuter benefits
  • Tuition reimbursement
  • Scholarships for dependent children
  • Adoption reimbursement