Information Security Engineering Senior Manager

About this role:

Wells Fargo is seeking an Information Security Engineering Senior Manager for our Application Security Team.

In this role, you will:

• Provide Program Leadership & Operational Execution, Technical & Security Leadership
• Lead day-to-day operational execution of Application Security programs
• Partner with leadership on strategy development and execution
• Coordinate and implement assigned projects and initiatives
• Establish and track performance goals and operational metrics for self and team
• Monitor team deliverables to ensure timeliness, quality, and alignment with expectations
• Strengthen integration of AppSec controls across enterprise tools and CI/CD pipelines
• Improve workflow alignment between Security Architecture and Application Security functions
• Design and implement repeatable, scalable, and automated AppSec processes
• Drive prioritization frameworks aligned with enterprise risk and business objectives
• Enhance transparency and reporting of AppSec processes, execution status, and outcomes
• Provide hands-on technical leadership in tooling integration, automation, and process execution
• Lead implementation of shift-left security strategies while maintaining strong developer experience within Wells Fargo’s internal tooling ecosystem
• Recommend mitigation strategies for identified application security risks
• Serve as an AppSec representative in cross-functional governance and technical forums
• Partner with AppSec governance teams to support control development, validation, and testing
• Collaborate with control management and cybersecurity leadership to design new security controls
• Support internal and external audits, regulatory reviews, and third-party assessments
• Implement ongoing product (internal and vendor) enhancements and fine-tuning of rules to increase the precision in identifying and prioritizing application security defects.
• Manage upgrades, resiliency, continuity, and compliance with enterprise standards.

Required Qualifications:

• 7+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 3+ years of management or leadership experience
• 3+ years managing teams of 10–12 application security engineers
• Deep expertise across core Application Security domains SAST, DAST, SCA, Secrets management and detection
• Strong experience integrating SAST, DAST, and SCA tools into SDLC workflows and source code repositories
• Deep expertise across core Application Security domains SAST, DAST, SCA, Secrets management and detection, Infrastructure as Code (IaC)
• Proven experience evaluating and managing multiple AppSec tooling vendors
• Advanced knowledge of GitHub, Jira, ServiceNow, Jenkins, Harness, and CI/CD ecosystems
• Strong understanding of OWASP standards and MITRE CVE/CWE frameworks
• Extensive experience implementing and maturing Secure Software Development Lifecycle (SSDLC) practices across Agile and custom development frameworks
• Familiarity with AI/LLM-enabled development tooling (e.g., Cursor, GitHub Copilot, custom LLM integrations), including auto-remediation capabilities using AI, and governance considerations
• Demonstrated ability to lead cross-functional initiatives, drive workflow integration, and prioritize enterprise-level initiatives
• Strong leadership skills with the ability to foster a collaborative, high-performance team culture grounded in continuous learning and improvement
• Excellent written, verbal, and executive-level presentation skills
• Proven leadership in highly regulated environments with strong project and program management capabilities

Desired Qualifications:

• 5 + years – Development experience in more than one language
• 3 + years of using the IaC to configure, build, and deploy
• 2+ years of DevSecOps / Automation experience
• Relevant industry certifications such as CISM, CISSP, CSSLP, or equivalent
• Hands-on experience with vendor tools Checkmarx, Blackduck, Prisma, Trufflehog, GHAS, Synk, Socket
• Experience developing customization in .NET core, ASP. Net, API development and custom services
• Master’s degree or equivalent bachelor’s in information technology, Cybersecurity, Computer Science, or related discipline (or equivalent professional experience and certifications)

Job Expectations:

• This position offers a hybrid work schedule
• This position is not eligible for Visa sponsorship

Salary Ranges:

• $159,000 - $254,000 - Charlotte, NC
• $159,000 - $254,000 - Chandler, AZ
• $159,000 - $254,000 - Irving, TX
• $191,000 - $305,000 - Iselin, NJ
• $191,000 - $305,000 - San Francisco, CA

Pay Range

Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to demonstrated examples of prior performance, skills, experience, or work location. Employees may also be eligible for incentive opportunities. $159,000.00 - $305,000.00

Benefits

Wells Fargo provides eligible employees with a comprehensive set of benefits, many of which are listed below. Visit for an overview of the following benefit plans and programs offered to employees.

• Health benefits
• 401(k) Plan
• Paid time off
• Disability benefits
• Life insurance, critical illness insurance, and accident insurance
• Parental leave
• Critical caregiving leave
• Discounts and savings
• Commuter benefits
• Tuition reimbursement
• Scholarships for dependent children
• Adoption reimbursement

Posting End Date:

21 Apr 2026*Job posting may come down early due to volume of applicants.