Lead Infrastructure Security Engineer Data at Rest Encryption

About this role
Join an exciting, fast-paced organization working on cutting edge encryption, tokenization and key management technologies, leveraged to protect information companywide. Wells Fargo is seeking a Lead Information Security Engineer working with CipherTrust Transparent Data Encryption. This role requires strong Information Technology and Information Security foundational knowledge, as well as experience with and awareness of encryption and key management technologies and engineering practices. The role closely partners with stakeholders across Wells Fargo Technology Infrastructure, Cybersecurity and lines of business to drive information protection product delivery, support business priorities and oversees the allocation of people and financial resources to ensure commitments are met and align with strategic objectives.
In this role, you will:

• Focus on delivering commitments aligned to enterprise strategic priorities
• Build support for strategies with business and technology leaders
• Guide development of actionable roadmaps and plans
• Identify opportunities and strategies for continuous improvement of product delivery practices
• Set risk management guidelines and partner with stakeholders to implement key risk initiatives
• Collaborate and influence all levels of professionals including more experienced managers
• Interface with external agencies, regulatory bodies, or industry forums
• Interpret and develop range of policies and procedures for functions with moderate to higher complexity and risk
• Lead efforts to facilitate / manage projects, products, strategic plans and execute other operational aspects on behalf of leader
• Lead efforts to define / manage required business plans (i.e. draft proposals & plans) and support related initiatives across products - including analyzing & identifying opportunities for efficiencies and innovation across internal processes and the tools to support.
• Support the product line general manager to solve problems, manage disputes and deal with any issues impacting the TI organization.

Required Qualifications:

• 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• Hands-on experience designing, deploying, and operating Thales CipherTrust Transparent Encryption (CTE) for unstructured data at rest, including file, folder, and volume-level encryption
• Deep understanding of CTE agent architecture, GuardPoints, policies, and In-Place / Live Data Transformation (IDT/LDT) concepts and trade-offs
• Proven experience administering CipherTrust Manager (formerly DSM/Vormetric) for: Centralized key lifecycle management, Policy enforcement and Audit and access logging
• Strong engineering experience with Linux (RHEL, SLES), Windows, and AIX in enterprise environments
• Practical knowledge of supported file systems (e.g., ext3/ext4, NTFS, NFS, raw disk encryption scenarios) and their interaction with CTE agents
• Ability to assess kernel compatibility, AES-NI requirements, and host readiness prior to encryption enablement
• Strong understanding of data-at-rest encryption principles, including: Threat models beyond disk theft (privileged user access, data exfiltration), Why file/folder-level encryption is required in addition to disk encryption, Knowledge of AES-256 encryption, hardware acceleration (AES-NI), and performance considerations in high-IO workloads and Experience operating encryption solutions in regulated environments
• Experience deploying and managing CTE agents using automation frameworks (e.g., Ansible) rather than manual installs
• Ability to design repeatable, scalable onboarding patterns for thousands of hosts and large NAS environments
• Familiarity with change management constraints (reboots, maintenance windows, encryption sequencing) in production systems

Desired Qualifications:

• 5+ years of advanced information security architecture, design, or consulting experience
• Strong knowledge of hardware security modules (HSMs) and/or security appliances
• Strong knowledge of certificate ciphers and encryption algorithms.
• Strong knowledge, understanding and prior experiences with regulatory drivers impacting a complex and dynamic global technology environment.
• MS or MBA degree in Business, Finance, Computer Science, Engineering, or related fields
• CISSP or CISM or CISA certifications
• Microsoft Azure and/or Google Cloud certifications

• Practical experience building security solutions through abstraction layer and automation practices.
• Policy development experience
• Experience with the development and execution of strategy in a large enterprise
• Experience creating visually dynamic presentations

Job Expectations:

• Ability to work on-site in one of the listed locations in a hybrid environment
• This position is not available for visa sponsorship

Pay Range
Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to demonstrated examples of prior performance, skills, experience, or work location. Employees may also be eligible for incentive opportunities.
$119,000.00 - $224,000.00
Benefits
Wells Fargo provides eligible employees with a comprehensive set of benefits, many of which are listed below. Visit Benefits - Wells Fargo Jobs for an overview of the following benefit plans and programs offered to employees.

• Health benefits
• 401(k) Plan
• Paid time off
• Disability benefits
• Life insurance, critical illness insurance, and accident insurance
• Parental leave
• Critical caregiving leave
• Discounts and savings
• Commuter benefits
• Tuition reimbursement
• Scholarships for dependent children
• Adoption reimbursement

Posting End Date:
26 Jun 2026
* Job posting may come down early due to volume of applicants.
We Value Equal Opportunity
Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.
Applicants with Disabilities
To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo .
Drug and Alcohol Policy
Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.
Wells Fargo Recruitment and Hiring Requirements:
a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.