COVID-19 Notice: Wells Fargo requires all U.S. employees to provide their COVID-19 vaccination status on day one of employment.

Application Lifecycle Security - Principal Engineer

Location: Charlotte, North Carolina

Job ID: R-164542


Wells Fargo technology teams drive innovation to create a more powerful and fulfilling financial experience for our customers and team members. You will join more than 24,000 team members supporting 95 billion transactions annually in 10 countries. Our career opportunities span the technology spectrum: advanced analytics, big data, information security, application development, cloud enablement, project management and more.

  • Job Type: Full Time

Success Profile

Check out the top traits we're looking for and see if you have the right mix.

  • Analytical 8
  • Detail-oriented 7
  • Insightful 6
  • Inventive 7
  • Problem Solver 6
  • Curious 5
Traits are on a scale of 1 to 10


Wells Fargo wants to help you get more out of life and take care of things outside the office to make life a little easier. We provide:

  • Medical, Dental and Vision

  • Employer Matching 401(k)

  • Tuition Reimbursement

  • Maternity and Paternity Leave

  • Paid Time Off


About this role:

Wells Fargo is seeking a Principal Engineer...

In this role, you will:

  • Act as an advisor to leadership to develop or influence applications, network, information security, database, operating systems, or web technologies for highly complex business and technical needs across multiple groups
  • Lead the strategy and resolution of highly complex and unique challenges requiring in-depth evaluation across multiple areas or the enterprise, delivering solutions that are long-term, large-scale and require vision, creativity, innovation, advanced analytical and inductive thinking
  • Translate advanced technology experience, an in-depth knowledge of the organization's tactical and strategic business objectives, the enterprise technological environment, the organization structure, and strategic technological opportunities and requirements into technical engineering solutions
  • Provide vision, direction and expertise to leadership on implementing innovative and significant business solutions
  • Maintain knowledge of industry best practices and new technologies and recommend innovations that enhance operations or provide a competitive advantage to the organization
  • Strategically engage with all levels of professionals and managers across the enterprise and serve as an expert advisor to leadership

Required Qualifications, US:

  • 5+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • Working knowledge and understanding of design and development of modern web applications and mobile technologies
  • Working knowledge and understanding of OWASP Top 10s and other common web, mobile and API vulnerabilities
  • Ability to work effectively in a distributed team environment and across all organizational levels, where flexibility, collaboration, and adaptability are important
  • 5+ years of Java or C#.NET experience
  • 5+ years of development experience with web technologies and protocols
  • BS or MS in Computer Science or related field -- equivalent work experience will be considered
  • Ability to articulate issues, risks, and proposed solutions to various levels of staff and management
  • Ability to translate and present complex technical data across technical and non-technical groups
  • Ability to comprehend large, complex applications written by others from reading source code and reviewing system architecture diagrams

Desired Qualifications:

  • Certified Information Systems Security Professional (CISSP) or Certified Secure Software Lifecycle Professional (CSSLP)
  • Ethical Hacking certification such as CEH (Certified Ethical Hacker)
  • Static Analysis certification such as CxCE (Checkmarx Certified Engineer)
  • Developer Certifications (examples include SCWCD, SCJP, SCJD, SCJA, MCSD, etc.)
  • Experience with public / hybrid cloud configuration security
  • Working experience with agile / feature flag releases
  • Working experience with microservices and containerized architecture
  • 3+ years in data engineering (acquiring and validating data for analysis)
  • 4+ years of experience with static analysis security testing and software composition analysis and/or dynamic analysis security testing tools

Job Expectations:

  • Provide technical strategy for the Application Lifecycle Security function in concert with other principal engineers across the application security program
  • Proactively identify issues & opportunities impactful to the function and propose action plans
  • Engage with technical leaders and other teams across the Bank to design and deliver on concerted strategy aligned to prioritized business goals
  • As well as being a hands-on contributor, coach the engineering team, including facilitating and tiebreaking internal debate
  • Collaborate with other principal engineers to foster a strong engineering culture
  • Represent function as lead technical application security stakeholder on implementation projects
  • Lead evangelism of application security processes, tools and resources
  • Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives
  • Provide expertise on secure application architecture and coding to prevent, remediate, and mitigate security vulnerabilities
  • Provide exposure analysis and remediation expertise for zero days and participate in "SWAT" response and on-call rotations for security incidents
  • Collaborate with development teams to implement a security hygiene strategy
  • Design, document, test, maintain, and provide issue resolution recommendations for highly complex security solutions
  • Track development teams against application security KRIs and devise go-to-green plans when they breach limits
  • Summarize and present application security threats, risks, and solutions to stakeholders across the organization, including developers, business and quality assurance analysts and risk partners
  • Maintain technical documentation and host training for application teams on secure development
  • Review results of dynamic and static security testing of applications pre-production to comprehensively measure an application's total security debt and plan its remediation


This is a new function being created to directly support and embed with development teams to drive adoption of security practices, reduction of security defects and enable the acceleration of application releases. Success in this role is not measured by finding defects, but preventing them.

Wells Fargo is seeking a Principal Engineer to help protect our applications and customers against today’s most advanced adversaries. You will join a team of application security professionals to not only identify threats and detect vulnerabilities, but also embed with application teams to design and code apps securely -- so they are protected Day One.

Wells Fargo Application Lifecycle Security team (ALS) tightly collaborates with the Bank's development teams to embed security in their products and practices during each phase of the software development lifecycle. Your role will be to consult with application teams on secure application planning, practices, architecture, implementation and testing. You'll embed with dev teams during "Secure Sprints" to pay down the security debt identified from security scans. This will include coaching them through security user stories and abuse cases, supporting them in adopting and configuring security frameworks, recommending and prototyping remediation for vulnerabilities detected by scanners, and collaborating with QA on functional security test planning based on the security user stories.

Pay Range

$144,400.00 - $300,000.00 Annual

We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
