Senior Lead Cyber Security Research Consultant

at  Wells Fargo

APPLICANTS WITH DISABILITIES

To request a medical accommodation during the application or interview process, visit Disability Inclusion at Wells Fargo .

WELLS FARGO RECRUITMENT AND HIRING REQUIREMENTS:

a. Third-Party recordings are prohibited unless authorized by Wells Fargo.
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process

Required Qualifications:

• 7+ years of Cyber Security Research experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 7+ years of experience in briefing senior level executives and key stakeholders around red team activities
• 7+ years of information security reporting and analysis experience
• 5+ years of experience in one or a combination of the following: reporting, analytics, or modeling in an information security environment, information technology environment, or a combination of bot

Desired Qualifications:

• 7 years of experience conducting red team assessments of high-consequence systems
• Understanding of MITRE ATT&CK framework
• Experience with Burp Suite, Crowdstrike, Splunk, Chronicle, EDR solutions
• Thorough understanding of concepts and principles related to security, strategy, management, and intelligence analysis
• Ability to work productively with a variety of stakeholders (and their associated, sometimes conflicting) interests within the enterprise
• Ability to work with and against internal resistance, and, as necessary, build consensus for red teaming within the enterprise
• Ability to think and act both strategically and tactically, theoretically, and pragmatically
• OSCP certification or other similar related security certifications
• GCP and Azure certification

Wells Fargo is seeking a Senior Lead Cyber Security Research Consultant who will investigate existing types of malware, analyze their capabilities, and attempt to predict new forms of malware to develop appropriate security responses.

In this role, you will:

• Oversee the development of red teaming methods and solutions within and across the enterprise, to include (but not limited to) the areas of business continuity, emergency management, supply chain security, information security, personnel security, operations security, and facilities security
• Build a mentoring program for the red team and its partners to help develop the capabilities around threat emulation, malware and tool creation, and tradecraft
• Act as a senior contributor to the Offensive Security Research Team to provide subject matter expertise on offensive operations, operationalizing threat intelligence, tool development, and tradecraft
• Work closely with blue and purple team partners to trigger incidents and work with them on detection effectiveness, building relationships among the differing groups
• Build and maintain a comprehensive model of relevant, feasible threats to the enterprise
• Educate senior management regarding the strengths, weaknesses, opportunities, and threats associated with strategic red teaming
• Provide regular threat/risk briefings to senior management regarding issues raised by the red team. Present findings within a context of overall risk to the enterprise. Adjust red team activities and agenda based on senior management input
• Work closely with existing infrastructure and security teams, both to receive input and to provide practical and actionable intelligence
• Act as an adversarial counterpoint to security strategy proposals

Required Qualifications:

• 7+ years of Cyber Security Research experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 7+ years of experience in briefing senior level executives and key stakeholders around red team activities
• 7+ years of information security reporting and analysis experience
• 5+ years of experience in one or a combination of the following: reporting, analytics, or modeling in an information security environment, information technology environment, or a combination of both

Desired Qualifications:

• 7 years of experience conducting red team assessments of high-consequence systems
• Understanding of MITRE ATT&CK framework
• Experience with Burp Suite, Crowdstrike, Splunk, Chronicle, EDR solutions
• Thorough understanding of concepts and principles related to security, strategy, management, and intelligence analysis
• Ability to work productively with a variety of stakeholders (and their associated, sometimes conflicting) interests within the enterprise
• Ability to work with and against internal resistance, and, as necessary, build consensus for red teaming within the enterprise
• Ability to think and act both strategically and tactically, theoretically, and pragmatically
• OSCP certification or other similar related security certifications
• GCP and Azure certifications

Job Expectations:

• This position offers a hybrid work schedule
• This position is not eligible for Visa sponsorship

Locations:

• Charlotte, NC
• Chandler, AZ
• Minneapolis, MN
• Westlake, TX
• San Antonio, TX