Senior Information Security Engineer - SIEM Database Activity Logging

About this role:

Wells Fargo is seeking a Senior Security Information & Event Management (SIEM) Engineer to design, implement, and operate database security monitoring and logging solutions at enterprise scale. This role focuses on IBM Guardium for database activity monitoring and Splunk for centralized log ingestion, correlation, and detection across a diverse database ecosystem including MongoDB, PostgreSQL‑based platforms, Neo4J, and other distributed data stores. Strong information security fundamentals and deep Splunk engineering experience are essential.

In this role, you will:

• Engineer and operate IBM Guardium for database activity monitoring and security telemetry
• Design and manage direct‑to‑Splunk database logging pipelines across multiple platforms
• Own and maintain hundreds to thousands of Splunk knowledge objects, including searches, macros, lookups, dashboards, and alerts
• Develop and improve SIEM detection use cases aligned to threat models, risk scenarios, and regulatory requirements
• Support security incident response, including log analysis, technical investigation, and post‑incident root cause analysis
• Develop and maintain relationships with product vendors and other team stakeholders
• Participate in on‑call rotation, deployment activities, and SDLC‑aligned change management
• Partner with infrastructure, database, application, and security teams to improve the bank’s overall security posture
• Provide security consulting and technical guidance for internal engineering teams on medium to large initiatives
• Review, correlate, and analyze security logs to identify threats, anomalies, and control gaps
• Identify security vulnerabilities, perform risk assessments, and recommend remediation strategies
• Design, document, test, and maintain security solutions spanning telemetry, authentication, cloud, and data protection domains
• Contribute to and maintain Jira and Confluence documentation
• Mentor peers and contribute to a culture of continuous improvement and knowledge sharing

• Manage hundreds to thousands of Splunk knowledge objects at scale

• Build automated logging and telemetry processes using configuration, scripting, AI‑assisted tooling, and vendor integrations
• Collaborate with domestic and international teams
• Hybrid onsite work model
• Maintain high‑quality operational and technical documentation
• Demonstrate a willingness to learn, teach, and continuously improve

Required Qualifications:

• 4+ years of Information Security Engineering experience, or equivalent demonstrated through work experience, training, military experience, or education
• 2+ years of Splunk engineering experience, including search development and knowledge object management
• 2+ years of database activity monitoring experience
• 2+ years of experience designing and implementing Senior Security Information & Event Management SIEM use cases from requirements to production

Desired Qualifications:

• 2+ years of IBM Guardium
• Splunk Enterprise Certified Administrator
• CISSP, CCSP, or similar professional security certification
• Cloud Professional certification
• BA/BS or higher in Computer Science, MIS, or a related field
• Database auditing or database administration experience
• Experience with application security or security architecture
• Scripting experience (e.g., Python, Splunk automation integration, or tooling integration)
• Experience performing impact and risk analysis for complex enterprise systems
• Strong verbal and written communication skills, including technical and business documentation
• Ability to communicate effectively with both technical and non‑technical stakeholders
• Proven analytical, troubleshooting, and problem‑solving skills
• Ability to work independently while managing competing priorities

Job Expectations:

• Willingness to participate in an on‑call rotation and provide after‑hours support as needed
• This position is not available for Visa Sponsorship
• This position does require working in a hybrid environment at one of the posted locations.
• There is no relocation available for this position.

Pay Range
 

Reflected is the base pay range offered for this position. Pay may vary depending on factors including but not limited to demonstrated examples of prior performance, skills, experience, or work location. Employees may also be eligible for incentive opportunities.

$100,000.00 - $196,000.00

Posting End Date:

13 Apr 2026

*Job posting may come down early due to volume of applicants.

We Value Equal Opportunity

Wells Fargo is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other legally protected characteristic.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.

Applicants with Disabilities

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo.

Drug and Alcohol Policy

 

Wells Fargo maintains a drug free workplace.  Please see our Drug and Alcohol Policy to learn more.

Wells Fargo Recruitment and Hiring Requirements:

a. Third-Party recordings are prohibited unless authorized by Wells Fargo.

b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.