Lead Engineer - Application Security Platform (Checkmarx | SRE & Automation)

About this role:
We are seeking a Lead Engineer to own and evolve the Checkmarx application security scanning platform at enterprise scale. This role blends Site Reliability Engineering (SRE), platform automation, and DevSecOps enablement, ensuring Checkmarx remains highly available, scalable, secure, and deeply integrated into CI/CD pipelines.
The Lead Engineer will act as the technical authority for Checkmarx, driving reliability, performance, automation, upgrades, and cloud/container modernization while partnering with Application Security, DevOps, and Engineering teams.
Key Responsibilities
Platform Ownership & Reliability (SRE)

• Own end-to-end reliability, availability, and performance of the Checkmarx SAST platform across non-prod, prod, and BCP environments
• Define and manage SLIs, SLOs, error budgets, and operational KPIs for scanning throughput, queue latency, and platform health
• Lead incident response, root cause analysis (RCA), and permanent remediation for platform outages or scan failures
• Proactively identify capacity, scaling, and performance bottlenecks (engines, managers, DB, storage, network)

Automation & Engineering Excellence

• Design and implement automation for provisioning, configuration, scaling, upgrades, and maintenance of Checkmarx components
• Build Infrastructure as Code (IaC) using tools such as Terraform, Ansible, or equivalent
• Automate routine operational tasks (engine lifecycle, scan queue tuning, data retention, index maintenance, backups)
• Reduce toil by converting manual operational work into resilient, self-healing automation

DevSecOps & CI/CD Integration

• Own and enhance Checkmarx integrations with CI/CD platforms (GitHub, Jenkins, Azure DevOps, Harness, etc.)
• Ensure seamless developer experience with pipeline-based security scanning and fast feedback loops
• Partner with Application Security teams to improve scan performance, false-positive reduction, and adoption

Observability & Monitoring

• Implement and maintain full-stack observability (metrics, logs, alerts, dashboards) using tools such as Splunk, Prometheus, Grafana, AppDynamics, etc.
• Build actionable alerts to detect scan backlog growth, engine saturation, DB/storage issues, and platform degradation
• Drive proactive monitoring rather than reactive firefighting

Modernization & Continuous Improvement

• Lead platform upgrades, hotfixes, and vendor-recommended lifecycle management
• Drive containerization and cloud-readiness initiatives for Checkmarx components where applicable
• Improve resiliency through active-active / DR strategies, backup validation, and BCP testing
• Evaluate new Checkmarx features, plugins, and security scanning enhancements

Technical Leadership

• Serve as SME and technical escalation point for Checkmarx across the enterprise
• Mentor engineers and promote SRE best practices, automation standards, and operational excellence
• Produce clear architecture, runbooks, and operational documentation
• Influence roadmap decisions with data-driven insights and engineering rigor

Required Qualifications
Core Technical Skills

• 5+ years of Systems Engineering, Technology Architecture experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 5+ years of experience in Platform Engineering, SRE, DevOps, or Systems Engineering roles
• Hands-on experience with Checkmarx (SAST) or similar AppSec scanning tools (e.g., Fortify, Veracode, SonarQube)
• Strong experience with Windows-based systems, networking, storage, and performance tuning
• Solid understanding of CI/CD pipelines and DevSecOps practices
• Proven experience applying SRE principles (SLIs, SLOs, error budgets, toil reduction)
• Strong automation skills using Python, Bash, PowerShell, or similar scripting languages
• Experience with Infrastructure as Code (Terraform, Ansible, CloudFormation, ARM, etc.)
• Expertise in monitoring, logging, and alerting platforms (Splunk, Prometheus, Grafana, AppDynamics, Elastic, etc.)
• Deep troubleshooting skills across application, OS, database, and infrastructure layers

Desired Qualifications

• Experience running security scanning platforms at enterprise scale (thousands of projects, high scan concurrency)
• Experience with container platforms (Kubernetes, OpenShift) and cloud environments (Azure, AWS, GCP)
• Knowledge of application security concepts (SAST, SDLC security, vulnerability management workflows)
• Experience with database platforms (MS SQL, PostgreSQL) and large-scale data growth management
• Prior experience leading platform modernization or large tool upgrades

What Success Looks Like

• Checkmarx platform is highly reliable, scalable, and predictable
• Scan queues are optimized with minimal developer friction
• Operational toil is significantly reduced through automation
• Incidents are rare, well-understood, and quickly remediated
• Engineering and Security teams trust and rely on the platform

This role is not eligible for visa sponsorship
Pay Range
Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to demonstrated examples of prior performance, skills, experience, or work location. Employees may also be eligible for incentive opportunities.
$119,000.00 - $187,000.00
Benefits
Wells Fargo provides eligible employees with a comprehensive set of benefits, many of which are listed below. Visit Benefits - Wells Fargo Jobs for an overview of the following benefit plans and programs offered to employees.

• Health benefits
• 401(k) Plan
• Paid time off
• Disability benefits
• Life insurance, critical illness insurance, and accident insurance
• Parental leave
• Critical caregiving leave
• Discounts and savings
• Commuter benefits
• Tuition reimbursement
• Scholarships for dependent children
• Adoption reimbursement

Posting End Date:
10 Mar 2026
* Job posting may come down early due to volume of applicants.
We Value Equal Opportunity
Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.
Applicants with Disabilities
To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo .
Drug and Alcohol Policy
Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.
Wells Fargo Recruitment and Hiring Requirements:
a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.