Cyber Defense Principal Engineer

About this role:
Wells Fargo is seeking a Cyber Defense Principal Engineer to serve as a senior technical leader responsible for designing, advancing, and operationalizing enterprise-wide detection, response, and threat-mitigation capabilities.
In this role, you will

• Engineer and optimize enterprise detection and response platforms (SIEM, SOAR, EDR, NDR, cloud-native tools) to improve coverage, resilience, and time-to-detect/respond.
• Develop high-quality detections leveraging threat models, behavior analytics, MITRE ATT&CK, and intelligence-driven TTPs-balancing fidelity with operational efficiency.
• Build automated response playbooks and investigation tooling to streamline SOC/IR workflows and reduce MTTD/MTTR.
• Strengthen telemetry pipelines (onboarding, normalization, enrichment, schema governance, retention) for critical systems, identity providers, and cloud services.
• Operationalize threat intelligence by translating IOCs/TTPs into actionable detections and mitigations; prioritize emerging risks.
• Serve as a technical escalation point during major incidents, guiding log analysis, forensics, containment, and recovery efforts.
• Partner closely with Cloud, Infrastructure, IAM, DevSecOps, and Application Security to embed controls and ensure defense-in-depth across the stack.
• Lead evaluations and POCs of new technologies; drive continuous improvement of risk-based metrics and reporting.
• Mentor engineers and contribute to engineering standards, runbooks, and best practices.

Required Qualifications

• 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 5+ years in Cyber Defense, Detection Engineering, or Security Operations.
• 5+ years of experience in SIEM/SOAR platforms (e.g., Splunk, Azure Sentinel, Elastic) and analytics pipelines.
• 5+ years of experience in cloud security (Azure, AWS, GCP), endpoint and network telemetry, and identity security logging.
• 3+ years of experience in MITRE ATT&CK, threat hunting, adversary emulation, and behavior-based detections.
• 3 years in Python, PowerShell, or Bash for automation and tooling.

Desired Qualifications

• Experience with cloud-native security services (Azure Defender/Microsoft Defender for Cloud, AWS GuardDuty, GCP SCC).
• Familiarity with container security (Kubernetes, AKS/EKS/GKE) and CI/CD ecosystems.
• Certifications such as GIAC (GCIA, GCDA, GCTI, GCFE), OSCP, CISSP, or cloud security credentials.
• Excellent communication and stakeholder management skills in a risk-managed, regulated environment.
• Proven ability to lead complex initiatives, influence technical direction, and deliver outcomes at enterprise scale.

Job Expectations:

• This position offers a hybrid work schedule
• This position is not eligible for Visa sponsorship

Locations:

• $159,000 - $254,000 - Charlotte, NC
• $159,000 - $254,000 - Chandler, AZ
• $159,000 - $254,000 - Irving, TX
• $175,000 - $279,000 - Minneapolis, MN
• $191,000 - $305,000 - Iselin, NJ
• $191,000 - $305,000 - McLean, VA

Pay Range
Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to achievements, skills, experience, or work location. The range listed is just one component of the compensation package offered to candidates.
$159,000.00 - $305,000.00
Benefits
Wells Fargo provides eligible employees with a comprehensive set of benefits, many of which are listed below. Visit Benefits - Wells Fargo Jobs for an overview of the following benefit plans and programs offered to employees.

• Health benefits
• 401(k) Plan
• Paid time off
• Disability benefits
• Life insurance, critical illness insurance, and accident insurance
• Parental leave
• Critical caregiving leave
• Discounts and savings
• Commuter benefits
• Tuition reimbursement
• Scholarships for dependent children
• Adoption reimbursement

Posting End Date:
29 Jan 2026
* Job posting may come down early due to volume of applicants.
We Value Equal Opportunity
Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.
Applicants with Disabilities
To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo .
Drug and Alcohol Policy
Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.
Wells Fargo Recruitment and Hiring Requirements:
a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.