×
Register Here to Apply for Jobs or Post Jobs. X

Principal Engineer - Application Security: Secure Development

Job in San Francisco, San Francisco County, California, 94102, USA
Listing for: Wells Fargo
Full Time position
Listed on 2026-07-17
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Job Description & How to Apply Below

Principal Engineer, Application Security

Application Security enhances the ability of the development organization to consistently deliver highly functional applications that are secure and resilient against attack. We develop policies, processes, controls and tools to proactively embed security into Wells Fargo-developed applications.

Wells Fargo is seeking a Principal Engineer who will lead a team of Application Security Champions (ASCs) that support Wells Fargo's Technology development teams, which deliver centralized shared services to our lines of business. ASCs promote and enable the security awareness to protect the Bank's applications by conducting vulnerability and fix reviews and training developers in secure coding best practices.

In this role, you will:

  • Act as an advisor to leadership to develop or influence applications, network, information security, database, operating systems, or web technologies for highly complex business and technical needs across multiple groups
  • Lead the strategy and resolution of highly complex and unique challenges requiring in-depth evaluation across multiple areas or the enterprise, delivering solutions that are long-term, large-scale and require vision, creativity, innovation, advanced analytical and inductive thinking
  • Translate advanced technology experience, an in-depth knowledge of the organizations tactical and strategic business objectives, the enterprise technological environment, the organization structure, and strategic technological opportunities and requirements into technical engineering solutions
  • Provide vision, direction and expertise to leadership on implementing innovative and significant business solutions
  • Maintain knowledge of industry best practices and new technologies and recommends innovations that enhance operations or provide a competitive advantage to the organization
  • Strategically engage with all levels of professionals and managers across the enterprise and serve as an expert advisor to leadership
  • Lead and mentor a federated network of Application Security Champions (ASCs), establishing standards, playbooks, and metrics to scale secure development practices consistently across non CIO engineering teams
  • Drive integration of application security controls into CI/CD pipelines and developer tooling, enabling automated detection and remediation of vulnerabilities across the software development lifecycle
  • Oversee threat modeling, vulnerability assessments, and secure design reviews for complex, high risk applications and shared services, ensuring alignment with enterprise security policies and standards
  • Champion secure adoption of emerging technologies, including AI/LLM-enabled applications, by defining guardrails, patterns, and risk mitigation strategies for safe enterprise use

Required Qualifications:

  • 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • 7+ years Application Security Engineering
  • Experience building AI/LLM Application Security scalable solutions for enterprise production environments

Desired

Qualifications:

  • Demonstrated deep, hands-on expertise in:
    • Secure application architecture and design
    • Secure coding practices and code-level vulnerability analysis
    • Threat modeling and abuse case analysis
    • Authentication, authorization, session management, API security, and secrets management
    • Common application vulnerabilities and exploit patterns (e.g., OWASP Top 10, deserialization, injection, SSRF, access control issues, insecure design, dependency risk)
  • Strong hands-on experience securing applications built in one or more modern technology stacks such as Java,.NET, Python, JavaScript/Type Script, Node.js, Go, or similar.
  • Experience integrating security into CI/CD pipelines, developer workflows, and engineering platforms.
  • Experience with one or more of the following: SAST, SCA, DAST, IaC scanning, container security, API security testing, code review, threat modeling, runtime protection, or software supply chain security controls.
  • Hands-on experience with AI security, including securing AI-enabled applications or advising engineering teams…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary