Information Security Engineer 6 - Cloud Security

Job Description
Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your current resume prior to submitting your application for consideration. To participate in some selection activities you will need to respond to an invitation. The invitation can be sent by both email and text message. In order to receive text message invitations, your profile must include a mobile phone number designated as "Personal Cell" or "Cellular" in the contact information of your application.
At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Wells Fargo Technology sets IT strategy; enhances the design, development, and operations of our systems; optimizes the Wells Fargo infrastructure footprint; provides information security; and enables continuous banking access through in-store, online, ATM, and other channels to Wells Fargo's more than 70 million global customers.
The Cloud & Platform Security Solutions Engineering (CPSSE) team is part of the Information Security (IS) group under Wells Fargo Technology.
CPSSE provides security solutions engineering for all Cloud and Distributed Systems platforms through innovation, commitment and accountability, and delivery of quality products and services. Position is responsible for security solutions design, implementation, consulting, and security governance guidance around cloud platforms, virtualization technologies, containerization, security controls, and emerging technologies. Position will be responsible to apply in-depth Information Security experience, knowledge, and breadth in order to provide solutions for emerging cloud platforms and technology security risks, and improve the enterprise's security posture. Position acts as a liaison to the owning technology LOB or area, cloud security program and supporting projects, Information Security (IS) focus areas, and peer teams across Information Security and Wells Fargo's Technology organization, to understand business processes and requirements and then provides security solutions design to enable risk mitigation across the enterprise.
This requisition has (10) openings for technical senior lnformation Security Engineer (ISE6) positions.
Roles & Responsibilities may include:

  • Serve as one of the senior level cloud security engineers / DevSecOps engineer / SME's for high visibility cloud computing initiatives
  • Evangelize opportunities, challenges, and security advantages of integrated cloud services
  • Analyze and design cloud security capabilities encompassing: DevOps, automation, access, connectivity
  • Analyze and design controls to secure different cloud deployment and service models
  • Architect, design, and implement secure cloud frameworks
  • Design, manage, and execute transformation required for Public Cloud
  • Develop and implement secure CI/CD pipelines
  • Proactively partner to update CI/CD pipelines based on trends identified in the environment
  • Develop and implement cloud-based procedures, security baselines, continuous monitoring, and compliance checks
  • Develop and implement opportunities to virtualize, automate, and develop infrastructure as code
  • Leverage agility and scalability of DevSecOps and automated governance utilizing secure infrastructure as code
  • Harden infrastructure, platforms, workloads, and services
  • Review/update security policies, standards, requirements, and solutions covering different cloud deployment and service models
  • Proactively prioritize, analyze and address complex problems and incidents to ensure the highest level of environment stability and availability
  • Develop, document and implement a greenfield framework for cloud optimization leveraging industry best practices (including but not limited to CSA, CIS, NIST, FedRAMP, OWASP, etc.) to ensure a secure, least privileged model
  • Devise a strategy to develop and implement cloud infrastructure to enable public cloud environments and interconnect to on-prem legacy environments
  • Devise a strategy to transition from traditional access management best practices to role based access management strategies aligned and scalable for the cloud
  • Partner with stakeholders to assess public & on-prem cloud services implementation and automation opportunities
  • Develop and maintain relationships with business and IT partners, engineering and implement automation solutions that balance business agility, operational maintainability, and risk reduction
  • Work with leaders and team members at all levels and across functional lines
  • Critical thinking skills to question status quo
  • Utilize analytical skills and the ability to think outside the box
  • Strong ability to learn and solution for new and emerging technologies, and adapting to change

Open to all Wells Fargo Major Hub Locations including telecommute.

Required Qualifications
  • 10+ years of information security applications and systems experience
  • 5 + years of cloud computing experience
  • 5+ years of experience with Cloud technologies
  • 5+ years of experience with building, deploying and securing cloud platforms
  • 4+ years of public cloud experience
  • 4+ years of configuration experience with Cloud service providers such as Amazon Web Services (AWS), Google Cloud Platform (GCP) or MS Azure
  • 3+ years of experience with secure DevOps and deployment automation to cloud environments


Desired Qualifications
  • Expert knowledge and understanding of information security practices and policies, including Information Security Frameworks, Standards, and best practices
  • Ability to manage highly complex issues and negotiate solutions
  • Excellent verbal and written communication skills
  • Ability to interact and communicate effectively with all levels of an organization; including at the executive level
  • Cloud security certification such as Certificate of Cloud Security Knowledge (CCSK), Certified Cloud Professional (CCP) or Cloud Computing Architect (CCA)
  • Certified Information Systems Security Professional (CISSP)
  • Cloud vendor certification such as VMware Certified Professional (VCP) or AWS Certified Solutions Architect
  • 3+ years of experience utilizing Cloud Infrastructure within tools and applications such as AWS Cloud Formation Templates, Spinnaker and Terraform
  • 6+ years of public cloud experience
  • Experience with Ansible automation tool
  • Knowledge and understanding of technology deployment: guides, configuration scripts, and configuration template development
  • Knowledge and understanding of information security engineering, development, and implementation
  • Knowledge and understanding of DevOps principles
  • Scripting and automation experience
  • 4+ years of experience with scripting languages such as Bash, PowerShell, Python, Shell, VBScript, or JavaScript
  • 4+ years of Python experience
  • Knowledge and understanding of system monitoring and automation
  • Experience utilizing PowerShell, Bash, Perl, or Python to automate complex manual tasks
  • Experience with RESTful API calls
  • Knowledge and understanding of SOA (Services Oriented Architecture)
  • Knowledge and understanding of Agile
  • Experience with Agile Scrum (Daily Standup, Sprint Planning and Sprint Retrospective meetings) and Kanban
  • Knowledge and understanding of technology code: repository utilization and management in support of engineering practices
  • 1+ years of experience with repository or artifact management tools such as Artifactory or Nexus
  • Knowledge and understanding of automation and engineering release development
  • Knowledge and understanding of components such as framework, security or authentication, event driven architecture and tool sets for problem monitoring and solving
  • Knowledge and understanding of monitoring the development of security vulnerabilities, threats, exposures, associated risk, and mitigating solutions
  • Knowledge and understanding of security monitoring solutions
  • Knowledge and understanding of network automation development through scripting
  • Knowledge and understanding of network virtualization
  • Knowledge and understanding of firewall and networking
  • Knowledge and understanding of security technologies and concepts including: defense in principles, antivirus, firewall data and Intrusion Detection Systems (Host, network, Wireless)
  • Knowledge and understanding of network security architectures and standards development
  • Knowledge and understanding of network or network security
  • 5+ years of Network experience
  • 3+ years of IAM (Identity and Access Management) experience
  • IAM (Identity and Access Management) experience
  • Knowledge and understanding of security technologies and concepts including identity management, single sign on, directory services, role based access control, cryptographic algorithms, mutual authentication and certificate management
  • IDaas (IDentity as a Service) solutions experience
  • Knowledge and understanding of SAML (Security Assertion Markup Language)
  • 3+ years of experience securing public cloud deployments on Google Cloud Platform (GCP), AWS and Azure
  • Knowledge and understanding of diverse platforms and operating systems, including current and emerging technologies
  • 2+ years of virtualization technologies experience
  • Experience securing IaaS/PaaS private cloud or DevOps environments
  • 2+ years of experience with workload and service isolation in cloud and distributed platforms
  • Experience securing public SaaS cloud deployments
  • 3+ years of risk management and mitigation experience
  • Knowledge and understanding of Information Security Frameworks and standards (FFIEC, NIST, ISO)
  • Knowledge and understanding of Cloud computing, PaaS design principles and micro services and containers
  • Knowledge and understanding of security issues and hardening best practices
  • Experience working with cloud access security brokers
  • Experience working with cloud security management or governance tools
  • Knowledge and understanding of application or software security such as: web application penetration testing, secure code review, secure static code analysis
  • Knowledge and understanding of application security planning and security architecture
  • Knowledge and understanding of application deployment model: design, implementation, and maintenance
  • Knowledge and understanding of software development life cycle (SDLC): code control, build and deployment
  • Knowledge and understanding of technology deployment: application versions and upgrades into complex and large scale environments
  • Knowledge and understanding of threat analysis and assessment of potential and current information security risk/threats
  • Knowledge and understanding of known and emerging information threats and mitigating controls
  • Knowledge and understanding of establishing or managing cyber threat management capabilities and functions
  • 2+ years of information security experience including experience in one or more of the following security disciplines: information security monitoring, incident response, vulnerability management, host/network forensics, cyber-crime investigation, penetration testing, business continuity, or cyber threat intelligence
  • Virtual leadership experience with ability to effectively drive results, provide feedback/direction, and manage and build relationships with leaders and team members in a geographically dispersed team environment
  • Ability to assess issues, make quick decisions, implement solutions, and influence change
  • Ability to influence and build relationships with LOB stakeholders, technology CIO leadership, external service providers, and architecture teams
  • Leadership skills including the ability to influence effectively in a matrix environment
  • Ability to interact with all levels of an organization
  • Ability to influence management on technical or business solutions
  • Experience resolving and working through escalated and complex issues
  • Excellent verbal, written, and interpersonal communication skills
  • Outstanding problem solving and decision making skills


Other Desired Qualifications
  • 3+ years of experience in cloud automation, Secure DevOps, test and deployment automation, security scanning, and related concepts and tools (Gitlab, Jenkins, Spinnaker, etc.)
  • Experience with AWS APIs
  • Experience automating routine cloud operations and deployment tasks
  • 5+ years of experience in Cloud Operations and Site Reliability
  • Experience building cloud management and monitoring capabilities
  • 3+ years of experience in designing and building AWS Services such as VPC, Route53, Transit Gateways, Internet Gateways, Direct Connect, Customer Gateways, Security Groups, ELB, ALB, VPN, and VPC Peering
  • 2+ years of experience in deploying cloud automation and related network control capabilities
  • 5+ years of experience in cloud IAM engineering and solutions experience
  • 3+ years of experience with credential and secrets management in cloud environments
  • 3+ years of experience in federated identity (IE: Okta, Ping, OAuth, SAML, etc.)
  • Experience with Docker, kubernetes, or other similar container solutions
  • Solid understanding of cloud-native constructs
  • Asset Lifecycle Management experience
  • Compliance and configuration management experience
  • Experience with tagging and metadata
  • RBAC and least privileged principles
  • Process engineering/re-engineering experience
  • GIAC or ISC2 (CISSP, CCSP, or other) industry security certifications
  • Ability to self-identify problems and gaps, and recommend potential solutions
  • Ability to work and problem solve across multiple issues and tasks at a time
  • Adapts to new and emerging technologies and business objectives
  • Assists leadership in mapping of assigned goals and tasks
  • Provides active participation and leadership in team duties and responsibilities
  • Works well under self-direction on assigned tasks
  • Works well with partner teams and peers toward established goals and timelines


Job Expectations
  • Ability to work on call as assigned
  • Flexibility to frequently be on call beyond normal working hours
  • Ability to travel up to 10% of the time


Disclaimer

All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.



Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.


Back to top