Cyber Defense Principal Engineer
About The Position
Wells Fargo is seeking a Cyber Defense Principal Engineer to serve as a senior technical leader responsible for designing, advancing, and operationalizing enterprise‑wide detection, response, and threat‑mitigation capabilities. In this role, you will Engineer and optimize enterprise detection and response platforms (SIEM, SOAR, EDR, NDR, cloud‑native tools) to improve coverage, resilience, and time‑to‑detect/respond. Develop high‑quality detections leveraging threat models, behavior analytics, MITRE ATT&CK, and intelligence‑driven TTPs—balancing fidelity with operational efficiency. Build automated response playbooks and investigation tooling to streamline SOC/IR workflows and reduce MTTD/MTTR. Strengthen telemetry pipelines (onboarding, normalization, enrichment, schema governance, retention) for critical systems, identity providers, and cloud services. Operationalize threat intelligence by translating IOCs/TTPs into actionable detections and mitigations; prioritize emerging risks. Serve as a technical escalation point during major incidents, guiding log analysis, forensics, containment, and recovery efforts. Partner closely with Cloud, Infrastructure, IAM, DevSecOps, and Application Security to embed controls and ensure defense‑in‑depth across the stack. Lead evaluations and POCs of new technologies; drive continuous improvement of risk‑based metrics and reporting. Mentor engineers and contribute to engineering standards, runbooks, and best practices.
Requirements
- 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
- 5+ years in Cyber Defense, Detection Engineering, or Security Operations.
- 5+ years of experience in SIEM/SOAR platforms (e.g., Splunk, Azure Sentinel, Elastic) and analytics pipelines.
- 5+ years of experience in cloud security (Azure, AWS, GCP), endpoint and network telemetry, and identity security logging.
- 3+ years of experience in MITRE ATT&CK, threat hunting, adversary emulation, and behavior‑based detections.
- 3 years in Python, PowerShell, or Bash for automation and tooling.
Nice To Haves
- Experience with cloud‑native security services (Azure Defender/Microsoft Defender for Cloud, AWS GuardDuty, GCP SCC).
- Familiarity with container security (Kubernetes, AKS/EKS/GKE) and CI/CD ecosystems.
- Certifications such as GIAC (GCIA, GCDA, GCTI, GCFE), OSCP, CISSP, or cloud security credentials.
- Excellent communication and stakeholder management skills in a risk‑managed, regulated environment.
- Proven ability to lead complex initiatives, influence technical direction, and deliver outcomes at enterprise scale.
Benefits
- Health benefits
- 401(k) Plan
- Paid time off
- Disability benefits
- Life insurance, critical illness insurance, and accident insurance
- Parental leave
- Critical caregiving leave
- Discounts and savings
- Commuter benefits
- Tuition reimbursement
- Scholarships for dependent children
- Adoption reimbursement
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Principal
Education Level
No Education Listed
Number of Employees
5,001-10,000 employees
