Threat Detection Principal Engineer

About this role:
Wells Fargo is seeking a Principal Engineer in Technology as part of Cybersecurity. Learn more about the career areas and lines of business at wellsfargojobs.com.
Wells Fargo is seeking a Principal Threat Detection Engineer to join our Cybersecurity team. This role will serve as the senior technical authority for threat detection engineering, with a focus on leveraging Splunk, CrowdStrike, and Microsoft Defender to identify and mitigate advanced threats. The ideal candidate will possess deep expertise in MITRE ATT&CK, threat actor TTPs, and modern detection engineering practices.
In this role, you will:

• Act as a trusted advisor to leadership on threat detection strategy and platform architecture.
• Lead resolution of complex detection engineering challenges across multiple security platforms.
• Translate threat intelligence and business risk into actionable detection use cases.
• Maintain deep knowledge of adversary tradecraft, detection methodologies, and security analytics.
• Drive innovation and continuous improvement across threat detection operations.

Key Responsibilities:

• Serve as the Principal Engineer (SME) for threat detection across Splunk, CrowdStrike, and Microsoft Defender platforms.
• Lead the design and implementation of scalable detection logic and alerting frameworks aligned to MITRE ATT&CK techniques.
• Develop and maintain threat detection content to identify adversarial behaviors and emerging TTPs.
• Collaborate with threat intelligence, incident response, and SOC teams to ensure detection coverage and response readiness.
• Drive automation and enrichment of detection pipelines using scripting and orchestration tools.
• Provide technical oversight and mentorship to detection engineering teams.
• Evaluate emerging threats and technologies to continuously improve detection capabilities.
• Interface with executive leadership to align detection strategy with business priorities and risk posture.

Required Qualifications:

• 7+ years of Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• + years of hands-on experience with Splunk, including SPL development and detection engineering.
• 3+ years of experience with CrowdStrike Falcon and Microsoft Defender for Endpoint.
• Deep understanding of MITRE ATT&CK framework and threat actor TTPs.
• Proven experience developing and tuning detection content in large-scale enterprise environments.
• Strong scripting skills (e.g., Python, PowerShell) and familiarity with automation tools.

Desired Qualifications:

• Certifications such as Splunk Certified Architect, CrowdStrike Certified Falcon Administrator, or Microsoft SC-200.
• Experience integrating detection platforms with SOAR and threat intelligence feeds.
• Familiarity with cloud-native security tools and telemetry (AWS, Azure, GCP).
• Ability to communicate technical concepts to non-technical stakeholders.
• Experience working in regulated industries such as finance or healthcare.

Job Expectations:

• Ability to travel up to 10% of the time.
• Ability to work in a fast-paced, high-demand environment while balancing multiple priorities.

Pay Range
Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to achievements, skills, experience, or work location. The range listed is just one component of the compensation package offered to candidates.
$159,000.00 - $305,000.00
Benefits
Wells Fargo provides eligible employees with a comprehensive set of benefits, many of which are listed below. Visit Benefits - Wells Fargo Jobs for an overview of the following benefit plans and programs offered to employees.

• Health benefits
• 401(k) Plan
• Paid time off
• Disability benefits
• Life insurance, critical illness insurance, and accident insurance
• Parental leave
• Critical caregiving leave
• Discounts and savings
• Commuter benefits
• Tuition reimbursement
• Scholarships for dependent children
• Adoption reimbursement

Posting End Date:
25 Jan 2026
* Job posting may come down early due to volume of applicants.
We Value Equal Opportunity
Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.
Applicants with Disabilities
To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo .
Drug and Alcohol Policy
Wells Fargo maintains a drug free workplace. Please see our Drug and Alcohol Policy to learn more.
Wells Fargo Recruitment and Hiring Requirements:
a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.