Principal Engineer - Incident Management

About this role:
Wells Fargo is seeking a Principal Engineer in Technology as part of Cybersecurity. Learn more about the career areas and lines of business at wellsfargojobs.com.
Wells Fargo is seeking a Principal Cybersecurity Engineer - Incident Management to serve as the technical leader for our enterprise Incident Management function. This role will drive major, cross-organizational initiatives focused on cyber incident readiness, real-time event response, strategic improvements to incident workflows, and modernization of the technology and processes that enable rapid and effective response to threats. You will partner closely with senior leaders, engineering teams, operations teams, threat intelligence, and business stakeholders to ensure timely response coordination, risk reduction, regulatory alignment, and continual maturation of the bank's incident response capability.
This role requires a unique blend of hands-on technical acumen, real-time decision making, long-term strategic planning, and the ability to influence diverse teams across the cybersecurity and technology landscape. You will be responsible for establishing engineering direction for incident management tooling, frameworks, playbooks, automation, and data pipelines that support detection, triage, and crisis response operations.
Visa sponsorship is not offered for this role.
In this role, you will:

• Act as an advisor to leadership to develop or influence applications, network, information security, database, operating systems, or web technologies for highly complex business and technical needs across multiple groups
• Lead the strategy and resolution of highly complex and unique challenges requiring in-depth evaluation across multiple areas or the enterprise, delivering solutions that are long-term, large-scale and require vision, creativity, innovation, advanced analytical and inductive thinking
• Translate advanced technology experience, an in-depth knowledge of the organizations tactical and strategic business objectives, the enterprise technological environment, the organization structure, and strategic technological opportunities and requirements into technical engineering solutions
• Provide vision, direction and expertise to leadership on implementing innovative and significant business solutions
• Maintain knowledge of industry best practices and new technologies and recommends innovations that enhance operations or provide a competitive advantage to the organization
• Strategically engage with all levels of professionals and managers across the enterprise and serve as an expert advisor to leadership

Technical Strategy & Leadership

• Act as a senior technical advisor to leadership on incident management technologies, event pipelines, case management systems, automation frameworks, and response tooling.
• Lead the strategy and resolution of highly complex, large-scale incident management challenges requiring advanced analytical, engineering, and operational expertise.
• Translate deep incident response and cybersecurity knowledge into engineering solutions that improve resiliency, reduce response time, and enhance visibility across the enterprise.
• Provide vision and direction on implementing next-generation incident response capabilities, including automation, orchestration, AI-enabled triage, and unified situational awareness.

Incident Management Engineering & Program Execution

• Lead end-to-end delivery of complex incident management engineering initiatives spanning operations, engineering, threat intelligence, platform teams, and senior leadership.
• Define and maintain engineering roadmaps, technical standards, KPIs, operating models, and governance for incident response systems and workflows.
• Develop and mature the enterprise incident management ecosystem, including case management, collaboration platforms, alert pipelines, knowledge repositories, and forensic/investigation tooling.
• Ensure aligned governance, cross-team coordination, and risk visibility for incident-related engineering programs.
• Drive continuous improvement of the incident lifecycle: intake, triage, investigation, escalation, containment, remediation, and post-incident review.

Operational Excellence & Cross-Functional Coordination

• Serve as a central escalation point for complex or high-severity incidents, ensuring technical clarity, stakeholder communication, and coordinated response actions.
• Partner closely with 24x7 SOC/IR teams, threat intel, platform owners, and business units to maintain operational readiness and situational awareness across incident workstreams.
• Oversee development and refinement of playbooks, runbooks, and automation to standardize and accelerate response.
• Manage dependencies, risks, and resource allocation across interconnected engineering and response initiatives.
• Ensure incident management capabilities are aligned with business risk posture, regulatory expectations, and enterprise resiliency objectives.

Required Qualifications:

• 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education.
• Proven experience leading complex, multi-team, enterprise-wide programs in highly regulated organizations.
• Strong knowledge of cybersecurity incident response principles, tooling, and frameworks (e.g., case management systems, SOAR, log pipelines, forensics/investigations, event triage).
• Familiarity with SOC/IR functions, threat intelligence, detection engineering, and crisis management.
• Proficiency with program and project management tools and frameworks (e.g., JIRA, Confluence, Smartsheet, MS Project, SAFe, Agile, Waterfall/Hybrid).
• Exceptional communication skills, including executive-level reporting, stakeholder engagement, and risk/issue management.
• Ability to operate effectively across highly technical and non-technical domains, balancing operational needs with engineering constraints and business priorities.

Desired Qualifications:

• Knowledge of enterprise crisis management processes, business continuity, or emergency response coordination.
• Familiarity with cloud, endpoint, identity, and network security technologies that support incident response.
• Understanding of NIST 800-61, NIST CSF, MITRE ATT&CK, ISO, FFIEC, or other cybersecurity and regulatory frameworks.
• Experience with data engineering concepts relevant to incident management: normalization, enrichment, correlation, and workflow automation.

Job Expectations:Pay Range
Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to achievements, skills, experience, or work location. The range listed is just one component of the compensation package offered to candidates.
$159,000.00 - $305,000.00
Benefits
Wells Fargo provides eligible employees with a comprehensive set of benefits, many of which are listed below. Visit Benefits - Wells Fargo Jobs for an overview of the following benefit plans and programs offered to employees.

• Health benefits
• 401(k) Plan
• Paid time off
• Disability benefits
• Life insurance, critical illness insurance, and accident insurance
• Parental leave
• Critical caregiving leave
• Discounts and savings
• Commuter benefits
• Tuition reimbursement
• Scholarships for dependent children
• Adoption reimbursement

Posting End Date:
25 Jan 2026
* Job posting may come down early due to volume of applicants.
We Value Equal Opportunity
Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.
Applicants with Disabilities
To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo .
Drug and Alcohol Policy
Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.
Wells Fargo Recruitment and Hiring Requirements:
a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.