What are the responsibilities and job description for the Security Configuration Baseline Engineer (contract) position at Wells Fargo?
Description
Title: Security Configuration Baseline Engineer
Location: Chandler, AZ
Alternative Location: Irving, TX/ Charlotte, NC
Duration: 12 months
Work Engagement: W2
Work Schedule: Hybrid 3 days in office/2 days remote
Benefits on offer for this contract position: Health Insurance, Life insurance, 401K and Voluntary Benefits
Summary:
In this contingent resource assignment, you may: Consult on complex initiatives with broad impact and large-scale planning for Information Security Analysis. Review and analyze complex multi-faceted, larger scale or longer-term Information Security Analysis challenges that require in-depth evaluation of multiple factors including intangibles or unprecedented factors. Contribute to the resolution of complex and multi-faceted situations requiring solid understanding of the function, policies, procedures, and compliance requirements that meet deliverables. Strategically collaborate and consult with client personnel. Required Qualifications: Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work or consulting experience, training, military experience, education.
Key Responsibilities:
Security Configuration Baseline Engineering
Title: Security Configuration Baseline Engineer
Location: Chandler, AZ
Alternative Location: Irving, TX/ Charlotte, NC
Duration: 12 months
Work Engagement: W2
Work Schedule: Hybrid 3 days in office/2 days remote
Benefits on offer for this contract position: Health Insurance, Life insurance, 401K and Voluntary Benefits
Summary:
In this contingent resource assignment, you may: Consult on complex initiatives with broad impact and large-scale planning for Information Security Analysis. Review and analyze complex multi-faceted, larger scale or longer-term Information Security Analysis challenges that require in-depth evaluation of multiple factors including intangibles or unprecedented factors. Contribute to the resolution of complex and multi-faceted situations requiring solid understanding of the function, policies, procedures, and compliance requirements that meet deliverables. Strategically collaborate and consult with client personnel. Required Qualifications: Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work or consulting experience, training, military experience, education.
Key Responsibilities:
Security Configuration Baseline Engineering
- Design, engineer, and operationalize security configuration baselines across enterprise cloud environments.
- Translate policies, risk requirements, and industry standards into codified, enforceable security baselines.
- Create and maintain baseline‑as‑code to support preventative controls, drift detection, and auditability.
- Own baseline lifecycle management, including versioning, validation, and exception handling.
- Implement and manage security baselines within cloud platforms (Azure and GCP preferred).
- Configure and optimize cloud‑level guardrails (e.g., management groups, folders, org policies).
- Support a centralized Cloud Security Benchmark (CSB) system as the authoritative source of record.
- Ensure consistent baseline enforcement at enterprise scale.
- Map security baselines to industry standards and authoritative sources (NIST, CIS Benchmarks, CSA, ISO).
- Partner with Risk, Compliance, and Audit teams to ensure traceability, defensibility, and audit readiness.
- Support regulatory, risk, and audit inquiries by producing clear, structured documentation and evidence.
- Develop and maintain Python scripts and automation to support control validation, reporting, and drift detection.
- Integrate security baselines into Infrastructure as Code (Terraform) and CI/CD pipelines.
- Enable automated exception workflows and governance processes where applicable.
- Work closely with cloud platform, GRC, DevOps, and application teams to operationalize security requirements.
- Independently drive deliverables while collaborating across multiple enterprise stakeholders.
- Applicants must be authorized to work for ANY employer in the U.S. This position is not eligible for visa sponsorship.
- Cloud technology experience, with a strong focus on cloud or platform security.
- Fisk and control experience, preferably in a regulated enterprise environment.
- Cloud Security Posture Management (CSPM) or equivalent security configuration control experience.
- Software development experience, primarily Python scripting for automation.
- Hands‑on experience with security configuration baselines or hardening standards.
- Strong working knowledge of:
- Azure and/or Google Cloud Platform
- Policy‑as‑Code / guardrail frameworks
- Infrastructure as Code (Terraform)
- Ability to translate written standards into machine‑enforceable requirements.
- Practical experience mapping controls to:
- CIS Benchmarks
- NIST frameworks
- CSA and similar authoritative sources
- Strong understanding of security baselines and configuration governance.
- Proven ability to produce audit‑ready, structured documentation.
- Strong written communication skills across technical, executive, and audit audiences.
- Detail‑oriented mindset with emphasis on control traceability and defensibility.
- Experience with a baseline as code program
- Familiarity with cloud organization level controls (management groups, folders, org policies)
- Experience with CI/CD integration of security controls
- Exposure to risk management, audit response, or regulatory examinations
- Background in automating governance processes (exception workflows, control validation, reporting)