Cyber Defense Principal Engineer jobs in United States

Wells Fargo · 5 hours ago

Cyber Defense Principal Engineer

Wells Fargo is seeking a Cyber Defense Principal Engineer to serve as a senior technical leader responsible for designing, advancing, and operationalizing enterprise-wide detection, response, and threat-mitigation capabilities. In this role, you will engineer and optimize enterprise detection and response platforms, develop high-quality detections, and partner closely with various teams to ensure defense-in-depth across the stack.

Banking, Financial Services, FinTech, Insurance, Payments
No H1B

Responsibilities

Engineer and optimize enterprise detection and response platforms (SIEM, SOAR, EDR, NDR, cloud-native tools) to improve coverage, resilience, and time-to-detect/respond
Develop high-quality detections leveraging threat models, behavior analytics, MITRE ATT&CK, and intelligence-driven TTPs, balancing fidelity with operational efficiency
Build automated response playbooks and investigation tooling to streamline SOC/IR workflows and reduce MTTD/MTTR
Strengthen telemetry pipelines (onboarding, normalization, enrichment, schema governance, retention) for critical systems, identity providers, and cloud services
Operationalize threat intelligence by translating IOCs/TTPs into actionable detections and mitigations; prioritize emerging risks
Serve as a technical escalation point during major incidents, guiding log analysis, forensics, containment, and recovery efforts
Partner closely with Cloud, Infrastructure, IAM, DevSecOps, and Application Security to embed controls and ensure defense-in-depth across the stack
Lead evaluations and POCs of new technologies; drive continuous improvement of risk-based metrics and reporting
Mentor engineers and contribute to engineering standards, runbooks, and best practices

Qualification

Cyber Defense, Detection Engineering, SIEM/SOAR platforms, Cloud Security, MITRE ATT&CK, Python, PowerShell, Bash, Stakeholder management, Communication skills, Leadership

Required

7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
5+ years in Cyber Defense, Detection Engineering, or Security Operations
5+ years of experience in SIEM/SOAR platforms (e.g., Splunk, Azure Sentinel, Elastic) and analytics pipelines
5+ years of experience in cloud security (Azure, AWS, GCP), endpoint and network telemetry, and identity security logging
3+ years of experience in MITRE ATT&CK, threat hunting, adversary emulation, and behavior-based detections
3 years in Python, PowerShell, or Bash for automation and tooling

Preferred

Experience with cloud-native security services (Azure Defender/Microsoft Defender for Cloud, AWS GuardDuty, GCP SCC)
Familiarity with container security (Kubernetes, AKS/EKS/GKE) and CI/CD ecosystems
Certifications such as GIAC (GCIA, GCDA, GCTI, GCFE), OSCP, CISSP, or cloud security credentials
Excellent communication and stakeholder management skills in a risk-managed, regulated environment
Proven ability to lead complex initiatives, influence technical direction, and deliver outcomes at enterprise scale

Benefits

Health benefits
401(k) Plan
Paid time off
Disability benefits
Life insurance, critical illness insurance, and accident insurance
Parental leave
Critical caregiving leave
Discounts and savings
Commuter benefits
Tuition reimbursement
Scholarships for dependent children
Adoption reimbursement

Company

Wells Fargo

Wells Fargo & Company is a financial services firm that provides banking, insurance, investments, and mortgage services.

Funding

Current Stage
Public Company
Total Funding
unknown
1978-10-06 IPO

Leadership Team

Charlie Scharf
CEO
Fernando Rivas
CEO of Corporate & Investment Banking
Company data provided by crunchbase