About this role:
Wells Fargo is seeking a Senior Lead Cyber Security Research Consultant red teamer to build a world-class red teaming capability at Wells Fargo. The successful Cyber Security Strategist will lead the enterprise's efforts in adopting and maintaining a system-wide view of threat-driven risks, with the goal of working with senior management to control these risks. The following skills are relevant for this position:
- Systems thinking
- Systems Analysis
- Game theory
- War gaming
- Intelligence analysis
- Writing and presenting
- Risk Assessment
- Controls Effectiveness
This position will interact directly with the Offensive Security Research Team and indirectly with our defense teams including the Cyber Threat Fusion Center.
The ideal candidate will have extensive experience in conducting research, utilizing attack methods, and evolving Tactics, Techniques, and Procedures (TTPs) for testing our defensive control effectiveness. The position will require regular interface with external entities including cyber threat intelligence organizations, financial industry contacts, and government agencies. Interaction with internal partners including legal, fraud, financial crimes, technology and line of business leaders and executives will be required.
In this role, you will:
- Oversee the development of red teaming methods and activities within and across the enterprise, to include (but not limited to) the areas of business continuity, emergency management, supply chain security, information security, personnel security, operations security, and facilities security.
- Work closely with our CTFC in a 'purple team' capacity to trigger incidents and work with them on detection effectiveness.
- Develop and manage a threat intelligence program to address threats relevant to the areas listed above.
- Build and maintain a comprehensive model of relevant, feasible threats to the enterprise.
- Educate senior management regarding the strengths, weaknesses, opportunities, and threats associated with strategic red teaming.
- Provide regular threat/risk briefings to senior management regarding issues raised by the red team. Present findings within a context of overall risk to the enterprise. Adjust red team activities and agenda based on senior management input.
- Work closely with existing infrastructure and security teams, both to receive input and to provide practical and actionable intelligence.
- Act as an adversarial counterpoint to security strategy proposals.
- Help build, hire, and retain top talent to shape a world-class red team. Taken as a whole, this team (or teams) should represent expertise across a complete range of the enterprise's functions.
Required Qualifications, US:
- Apply advanced data analysis techniques, including machine learning, statistics and data mining to solve core business challenges, capture cyber security requirements and translate them into solutions
- Build prototypes and proof of concepts, pilot systems, and optimize databases in support of program operational, business, and strategic requirements development process
- Conduct research and identify technologies to address capability gaps for emerging cyber threats, attack methods and evolving tactics, techniques, and procedures
- Integrate new architectural analysis of cyber security features and relate existing system to future needs and trends
- Embed advanced forensic tools and techniques for attack reconstruction, and provide engineering recommendations
- Provide oversight and guidance to a team in responding to and resolving critical cyber security events and consult leadership with the decisions related to business process, security controls, policies and standards, regulations and investment prioritization
- Set the strategy and direction for advanced cyber security incident response and threat detection for the company
- Collaborate and influence all levels of professionals including managers
- Lead team to achieve objectives
- 7+ years of Cyber Security Research experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
- 7+ years of information security reporting and analysis experience
- 7+ years of cyber security incidents and events investigation experience
- 7+ years of Incident Response Protocols and Tools experience
- 5+ years of experience in one or a combination of the following: reporting, analytics, or modeling in an information security environment, information technology environment, or a combination of both
- 7 years of experience conducting red team assessments of high-consequence systems.
- Cross-functional security experience in at least two of the areas listed above.
- Thorough understanding of concepts and principles related to security, strategy, management, and intelligence analysis.
- Ability to work productively with a variety of stakeholders (and their associated, sometimes conflicting) interests within the enterprise.
- Ability to work with and against internal resistance, and, as necessary, build consensus for red teaming within the enterprise.
- Ability to think and act both strategically and tactically, theoretically and pragmatically.
- Ability to collaborate and share knowledge within a fast-moving, multifaceted enterprise environment.
We Value Diversity
- Ability to travel up to 15% of the time
At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.
Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.
- Business Processes
- Computer Security
- Customer Relationship Management
- Data Analysis