Lead Information Security Engineer - Data at Rest Encryption Infrastructure Engineering and Delivery

Wells Fargo

posted 2 months ago

Full-time - Mid Level
Onsite
Credit Intermediation and Related Activities

About the position

Wells Fargo is seeking a motivated Lead Information Security Engineer to join an exciting, fast-paced team working on cutting-edge encryption, tokenization, and key management technologies that are leveraged to protect information companywide. This role will provide technical leadership and be an individual contributor to teams that design, deploy, and operationally maintain cryptographic products and services including Hardware Security Modules (HSMs) and security appliances. The ideal candidate will have demonstrated experience in the design and deployment of cryptographic products in physical, virtual, and containerized environments. Additionally, the candidate should have experience in automating processes including product builds, operational maintenance, and customer integration and onboarding. This role reports directly to the Senior Manager for the Encryption, Tokenization, and Key Management team. In this role, you will drive design, deployment, and automation strategies for encryption, tokenization, and key management products and services including Hardware Security Modules, security appliances, and security applications deploying in physical, virtual, and containerized environments. You will provide technical guidance and oversight to teams and team members responsible for product delivery and operational maintenance. Developing and maintaining documentation including design and build guides, deployment strategies, automation guides, and operational processes will be a key responsibility. You will also participate in research, analysis, and evaluation of new cryptographic products and services, as well as participate in Proof of Concept (POC) testing and demonstrations for new cryptographic products and services. Supporting company-driven audits, gathering evidence of compliance to company policies, and driving product enhancements when needed to remediate findings will be part of your duties. You will conduct technical investigations of incidents to identify causes and recommend future mitigation strategies. Collaboration across Wells Fargo teams, including compliance, security architecture, and security evaluation teams, will ensure that cryptographic products are compliant with company policies. You will work with vendors to understand the technology vendor's roadmap, help to influence that roadmap, and ensure requests for technology/product enhancements meet the needs of Wells Fargo. Additionally, you will work with partner engineering teams on the identification and remediation of security vulnerabilities and may conduct risk assessments of infrastructure to ensure compliance with corporate security policies and adherence to best practices. Supporting incident response, root cause analysis, and corrective action activities will also be part of your responsibilities. You will oversee a team of engineers and influence design/architecture decisions regarding encryption infrastructure to support our line of business customers, ensuring design decisions consider blast radius and business resiliency requirements to reduce or eliminate impact during service changes or DDoS type events, among others.

Responsibilities

  • Drive design, deployment and automation strategies for encryption, tokenization and key management products and services including Hardware Security Modules, security appliances and security applications deploying in physical, virtual, and containerized environments.
  • Provide technical guidance and oversight to teams and team members responsible for product delivery and operational maintenance.
  • Develop and maintain documentation including design and build guides, deployment strategies, automation guides and operational processes.
  • Participate in research, analysis and evaluation of new cryptographic products and services.
  • Participate in Proof of Concept (POC) testing and demonstrations for new cryptographic products and services.
  • Support company driven audits, gather evidence of compliance to company policies, and drive product enhancements, when needed, to remediate findings.
  • Conduct technical investigation of incidents to identify causes and recommend future mitigation strategies.
  • Collaborate across Wells Fargo teams, including compliance, security architecture and security evaluation teams to ensure cryptographic products are compliant to company policies.
  • Work with vendors to understand the technology vendor's roadmap, help to influence that roadmap, and ensure requests for technology/product enhancements are meeting the needs of Wells Fargo.
  • Work with partner engineering teams on identification and remediation of security vulnerabilities and may also conduct risk assessments of infrastructure to ensure compliance with corporate security policies and adherence to best practices.
  • Support incident response, root cause analysis and corrective action activities.
  • Oversee team of engineers and influence design/architecture decisions regarding encryption infrastructure to support our line of business customers.
  • Ensure design decisions consider blast radius and business resiliency requirements to reduce / eliminate impact during service changes or DDOS type events.

Requirements

  • 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education.
  • 5+ years of intermediate to advanced level experience with scripting/automation using tools such as: Bash, PowerShell, Python, Ansible, VBScript, or JavaScript, UI path, etc.
  • 5+ years of Linux and Windows server experience.
  • 4+ years of experience with encryption or tokenization and key management technologies.
  • 4+ years of experience performing builds, administration and/or support of hardware security modules or security appliance devices.
  • 4+ years of Advanced Knowledge of Cryptographic protocols & algorithms.
  • 4+ years of Understanding of (format preserving encryption) FPE, tokenization and TDE (transparent data encryption) etc.
  • 3+ years of Subject Matter Expert experience designing solutions for Data at Rest encryption using Thales Vormetric DSM and CipherTrust Manager appliances.

Nice-to-haves

  • Experience with DevOps and CI/CD automated build and deployment processes.
  • Advanced scripting skills specifically around log rotation, data collection, error collection and alerting.
  • Experience designing, developing, and implementing synthetic transactions for the monitoring of applications and/or infrastructure.
  • Experience with Puppet/Chef/Ansible or similar automation tools.
  • Experience with Agile Scrum or Kanban methodologies.
  • Public cloud engineering or support experience.
  • Experience performing technical product assessments, including development of implementation plans, in a large enterprise.
  • Security certifications such as CISSP, GIAC or equivalent.
  • Cloud certifications such as AZ-900, MS-900 or equivalent/higher.
  • Experience implementing infrastructure upgrades, security patches, or version upgrades.
  • Experience with Splunk.
  • Experience with Hardware Security Modules, such as Thales, Entrust, Futurex or Fortanix.
  • Financial services industry experience.

Benefits

  • Health insurance
  • Dental insurance
  • Vision insurance
  • 401k
  • Paid holidays
  • Flexible scheduling
  • Professional development
  • Tuition reimbursement
  • Employee discount programs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service