Lead Security Engineer (Encryption Security-Hashicorp Vault)
Wells Fargo
About this role:
This position will be part of a Team that performs engineering and management of data protection technologies that include Managed HSM’s, Hashicorp Vault, Azure key Vault and other key and secret management systems. Candidates must have intermediate to advanced systems engineering experience in medium to large Enterprise environments. Must have extensive experience with Linux Server operating systems, Red Hat preferred. Experience providing production support and end to end management of HSMs and/or security appliances and/or data protection/encryption technologies including PKI. Need to be capable of creating technical/engineering documentation and have excellent written and oral communication. Must have extensive experience with scripting and automation practices. Participates in interactions with encryption technology and HSM vendors – helps to ensure vendor product engineering is in line with the objectives and security requirements of Wells Fargo and coordinates with the vendor support teams to ensure issues impacting Wells Fargo are resolved quickly and effectively. Participates in interactions with technical, engineering and non-technical partners companywide for the technologies listed above.
In this role, you will:
- Provide Tier 3 support and engineering for management of data protection technologies along with production support responsibilities for key and secret management
- Engineer/develop scripting and best practices/procedures for automation with Terraform ,Github, Ansible.
- Create technical/engineering documentation
- Participate in the research, analysis, design, testing and implementation of complex data protection technologies for the cloud
- Participates in interactions with encryption technology vendors – helps to ensure vendor product engineering is in line with the objectives and security requirements of Wells Fargo
- Work with partner Engineering Teams on identification and remediation of security vulnerabilities, and may also conduct risk assessments of Infrastructure to ensure compliance with corporate security policies and adherence to best practices.
- Performs access, configuration change and health monitoring of key and secret management platforms, which may include reviewing logs, writing scripts for automation of tasks and taking other technical actions required to keep Infrastructure healthy and highly available.
- Provide periodic 24/7 on-call support rotation and some evening work will be required either remotely from desk or on site at the Data Center.
- May provide technical guidance to less experienced staff. Given the nature of the encryption technologies, the team environment is very fast paced and requires the ability to drive to solutions as an individual and to work effectively with the team as well.
Required Qualifications:
- 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
- 4+ years of information security applications and systems experience
- 4+ years of experience with Linux operating system engineering or automation
- 3+ years of intermediate to advanced level skills/experience with the engineering and/or development of scripts for automation with Ansible
- 3+ years of experience with or strong conceptual understanding of encryption or related data protection technologies
Desired Qualifications:
- Must hold current certification for Hashicorp Vault
- Proven written and verbal communication skills with both Business/Management and Technical/Engineering resources
- Experience with Agile Scrum (Daily Standup, Sprint Planning and Sprint Retrospective meetings) and/or Kanban methodologies
- Experience with engineering and support of AKV, Hashicorp Vault
- Knowledge and understanding of server/file encryption technology, encryption key management and information security policies
- Knowledge and understanding of implementing infrastructure upgrades, security patches, or version upgrades
- Cloud certification for either Google or Azure
- Certified Information Systems Security Professional (CISSP)
- Knowledge and understanding of cryptography and key management
- Knowledge and understanding of leveraging and administering digital certificates, and keys for authentication and encryption
- Ability to coordinate completion of multiple tasks and meet aggressive time frames
- Customer service experience
- Experience facilitating meetings with team members in various remote locations
- Advanced problem solving and technical troubleshooting capabilities
Job Expectations:
- Telecommuting is not an option for this position
- This position offers a hybrid work schedule
- Relocation assistance in not available for this position
- This position is not eligible for visa sponsorship
- Participate in on-call rotation and work off hours as needed
Pay Range
Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to achievements, skills, experience, or work location. The range listed is just one component of the compensation package offered to candidates.
$111,100.00 - $237,100.00Benefits
Wells Fargo provides eligible employees with a comprehensive set of benefits, many of which are listed below. Visit Benefits - Wells Fargo Jobs for an overview of the following benefit plans and programs offered to employees.
- Health benefits
- 401(k) Plan
- Paid time off
- Disability benefits
- Life insurance, critical illness insurance, and accident insurance
- Parental leave
- Critical caregiving leave
- Discounts and savings
- Commuter benefits
- Tuition reimbursement
- Scholarships for dependent children
- Adoption reimbursement
Posting End Date:
20 Jul 2025*Job posting may come down early due to volume of applicants.
We Value Equal Opportunity
Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.
Applicants with Disabilities
To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo.
Drug and Alcohol Policy
Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.
Wells Fargo Recruitment and Hiring Requirements:
a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.