Senior Information Security Engineer

Wells Fargo & Company•Charlotte, NC

2d•$100,000 - $196,000

About The Position

About this role: Wells Fargo is seeking a Senior Information Security Engineer in Technology as part of Cybersecurity. Learn more about the career areas and lines of business at wellsfargojobs.com. Wells Fargo is seeking a Cybersecurity Engineer to support the Cyber Incident Management function within Cybersecurity. This mid-level role is responsible for coordinating and executing technical response actions during security events, supporting Incident Commanders, and helping drive timely triage, investigation, containment, and remediation of cybersecurity incidents. The Incident Handler acts as a hands-on security SME during active events, works closely with SOC/IR teams, threat intelligence, engineering partners, and business stakeholders, and contributes to the continual improvement of incident management processes, playbooks, and tooling. In this role, you will: Lead or participate in computer security incident response activities for moderately complex events Conduct technical investigation of security related incidents and post incident digital forensics to identify causes and recommend future mitigation strategies Provide security consulting on medium projects for internal clients to ensure conformity with corporate information, security policy, and standards Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security Review and correlate security logs Utilize subject matter knowledge in industry leading security solutions and best practices to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals Incident Handling & Technical Execution Support incident response teams during security events, executing triage, investigation, containment, and recovery activities. Support the Incident Commander by providing technical analysis, work management, and communications. Utilize incident response tools (e.g., SIEM, SOAR, EDR, forensic utilities) to collect evidence and assess scope and impact. Document incident timelines, actions taken, and technical findings. Operational Coordination & Communication Coordinate with SOC analysts, threat intelligence teams, platform owners, and business application partners as part of incident response efforts. Escalate issues appropriately based on severity, risk, and business impact. Communicate technical findings in clear, concise language to technical and non-technical stakeholders. Assist in drafting incident summaries, after-action reports, and metrics for leadership review. Process, Playbooks & Continuous Improvement Contribute to the development, refinement, and maintenance of incident response playbooks, runbooks, and standard operating procedures. Identify opportunities to streamline or automate recurring incident handling tasks. Support lessons-learned activities and assist in driving corrective actions to reduce future risk. Help maintain operational readiness across the enterprise by ensuring accurate documentation, consistent workflows, and alignment with incident management governance. Tooling & Technical Support Use case management platforms, workflow tools, and alert pipelines to manage and track incident tasks. Support improvements to detection and response capabilities by providing feedback to engineering and detection teams. Assist in onboarding enhancements to incident management tooling, dashboards, and automation.

Requirements

4+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
Practical experience in incident response, SOC operations, log analysis, or threat detection.
Working knowledge of core IR technologies: SIEM, EDR, SOAR, ticketing/case management, and forensic tools.
Familiarity with common attack vectors, malware behavior, network security principles, and threat actor TTPs.

Nice To Haves

Understanding of incident response methodologies and frameworks such as NIST 800-61, MITRE ATT&CK, NIST CSF, or ISO standards.
Hands-on experience with cloud, endpoint, identity, or network security technologies.
Experience in highly regulated environments or large-scale enterprise operations.
Exposure to scripting or automation (Python, PowerShell, SOAR playbooks)
Relevant certifications (e.g., GCIH, GCIA, GCFE, Security+, CySA+, CEH)
Strong analytical and troubleshooting skills with the ability to investigate complex technical issues under time pressure.
Effective verbal and written communication skills, including ability to summarize technical concepts clearly.

Responsibilities

Lead or participate in computer security incident response activities for moderately complex events
Conduct technical investigation of security related incidents and post incident digital forensics to identify causes and recommend future mitigation strategies
Provide security consulting on medium projects for internal clients to ensure conformity with corporate information, security policy, and standards
Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, cloud, authentication and directory services, email, internet, applications, and endpoint security
Review and correlate security logs
Utilize subject matter knowledge in industry leading security solutions and best practices to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity
Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives
Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals
Support incident response teams during security events, executing triage, investigation, containment, and recovery activities.
Support the Incident Commander by providing technical analysis, work management, and communications.
Utilize incident response tools (e.g., SIEM, SOAR, EDR, forensic utilities) to collect evidence and assess scope and impact.
Document incident timelines, actions taken, and technical findings.
Coordinate with SOC analysts, threat intelligence teams, platform owners, and business application partners as part of incident response efforts.
Escalate issues appropriately based on severity, risk, and business impact.
Communicate technical findings in clear, concise language to technical and non-technical stakeholders.
Assist in drafting incident summaries, after-action reports, and metrics for leadership review.
Contribute to the development, refinement, and maintenance of incident response playbooks, runbooks, and standard operating procedures.
Identify opportunities to streamline or automate recurring incident handling tasks.
Support lessons-learned activities and assist in driving corrective actions to reduce future risk.
Help maintain operational readiness across the enterprise by ensuring accurate documentation, consistent workflows, and alignment with incident management governance.
Use case management platforms, workflow tools, and alert pipelines to manage and track incident tasks.
Support improvements to detection and response capabilities by providing feedback to engineering and detection teams.
Assist in onboarding enhancements to incident management tooling, dashboards, and automation.