Principal Engineer - Secure by Design; AppDev/SDLC/Crypto CTO/DCMS Security Solution Architect

About this role:
Wells Fargo is seeking a Principal Engineer within our Cybersecurity organization. This individual will serve as a AppDev/SDLC/Crypto CTO/DCMS Security Solution Architect for our Secure by Design team. This is a senior technical expert responsible for ensuring security is fundamentally integrated into the design and architecture of Wells Fargo's technology products and platforms. Operating across the full lifecycle, this role requires a blend of deep domain expertise and broad, adaptable knowledge to provide real-time, context-aware security guidance. You will act as a key partner to product owners, solution architects, and engineers to build secure, resilient, and innovative solutions.
In this role, you will:

• Embed directly with product and platform teams to provide continuous security guidance from ideation and business case formation through to deployment and sunset.
• Design and champion secure-by-design integrations for a wide array of technologies, including Zero Trust Implementations, Cloud-Native, Ephemeral and Containerized Microservices, AI/ML, Edge Computing and IoT, Quantum, Trusted Compute, Distributed Ledger, and Unified Data Analytics.
• Serve as a subject matter expert in multiple security domains such as application security, cryptography, identity and access management, network security, and AI security.
• Translate complex business and technical requirements into actionable security controls and solutions.
• Proactively identify and mitigate security risks early in the development lifecycle to prevent costly rework and reduce the corporate attack surface.
• Contribute to the creation of reusable, secure-by-default frameworks and self-service tools to empower engineering teams.

Required Qualifications:

• 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education

Desired Qualifications:

• 10+ years of experience in information security, with a focus on security architecture or product security.
• Demonstrated expertise in at least two of the following domains: application security, cloud security (AWS, Azure, GCP), data security, cryptography, network security, or AI/ML security.
• Proven ability to operate in agile, fast-paced environments and engage effectively across a wide variety of technology stacks and business domains.
• Strong understanding of secure development lifecycle (SDLC) processes, DevSecOps principles, and threat modeling.
• Excellent communication skills, with the ability to influence and articulate complex security concepts to both technical and non-technical stakeholders.
• Relevant industry certifications (e.g., CISSP, CISM, CSSLP, GCSA) are highly desirable.
• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent experience.

Job Expectations:

• Ability to work on-site in one of the listed locations. This is a hybrid work environment with no option for fully remote work.
• This position is not available for visa sponsorship.
• Ability to travel up to 15% of the time.