At Wells Fargo, we want to satisfy our customers’ financial needs and help them succeed financially. We’re looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you’ll feel valued and inspired to contribute your unique skills and experience.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Corporate Risk helps all Wells Fargo businesses identify and manage risk. We focus on three key risk areas: credit risk, operational risk, and market risk. We help our management and Board of Directors identify and monitor risks that may affect multiple lines of business, and take appropriate action when business activities exceed the risk tolerance of the company.
Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.
Enterprise Information Security’s (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo’s infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization, led by the Chief Information Security Officer.
The focus of this position will be on ATMPage Content
Our EIS team is looking for a strong cyber security professional to join our Cyber Security Defense and Monitoring Team. This role will involve performing cutting-edge research on new attack vectors, techniques, and tactics. This role will emulate adversarial attacks in order to provide information to Wells Fargo Lines of Business with the overall goal of providing knowledge of indicators or compromise and TTP (Tools, Tactics, and Procedures) to other teams. This Cyber Security Research Scientist 2 will be responsible for creating attack chains and will explain how combining different weaknesses can result in higher impact. This team member will utilize complex hacking tools, create proof of concept exploits, and document attack chains so they can be re-created and defensive tactics can be developed for them. This role will research, analyze, design, test, and implement complex technologies, systems, and applications. This position reports to the Cyber Threat Management – Offensive Security Research Team and works closely with teams in a purple team capacity.
Key Focus Areas of the Role:
- Conduct Threat Emulation
- Conduct innovative research in cyber security
- Conduct active offensive and/or adversarial operations
- Conduct physical security assessments
- Develop custom penetration testing tools
- Develop in-depth findings reports
- Document the impact and severity of attack chains to be presented to the lines of business
- Act as a subject matter expert to convey technical details on attacks to the blue teams
The preferred locations for this position are Charlotte, NC; Winston-Salem, NC; Raleigh, NC; or Minneapolis, MN; however other locations within the Wells Fargo footprint may be considered.
Job Expectations - Travel of up to 10% may be possible for this role.Required Qualifications
- 3+ years of information security experience in converged testing (red teaming)
- 1+ year of experience in network, social, and physical domains
- 3+ years of experience in one or a combination of the following: creating proof of concepts, creating exploits, or reverse engineering
- 1+ years of experience with robotic engineering functions such as ATMs cash dispensing
- 2 + years of executing ethical penetration testing including exploitation and post-exploitation experience
- Advanced Information Security technical skills
- Proficient in working with systems, networks, and application vulnerability testing
- Ability to manage complex security scenarios and develop innovative solutions to address the most recent cyber threats
- Experience with ATM configuration systems
- Experience with retail banking system user acceptance testing including, but not limited to, Store Vision Teller (SVT), Store Vision Platform (SVP), Mobile, ATM, Online Banking
- Knowledge and understanding of physical security equipment installation projects, installation commissioning, quality control, process documentation, training development, security systems programming, equipment testing, equipment certification, and false alarm reduction;
- Security engineering experience that includes knowledge and understanding of recent research and industrial advances in one or more of the following areas: computer and communication networks, cyber security threat detection, cyber security experimentation and testing, innovative research in cyber security, physical security controls and their weaknesses, debugging, hardware and device hacking, or electronics security
- Assessment experience in three or more of the following: mobile, web application, mainframe, wireless or network penetration testing
- Knowledge and understanding of Python, Ruby, PowerShell, and Shell scripting
- Physical hardware hacking experience
- Physical security assessments experience
- Knowledge and understanding of information security risk assessment procedures, risk mitigation or remediation
- Ability to work effectively, as well as independently, in a team environment
- Strong organizational, multi-tasking, and prioritizing skills
- Ability to handle confidential material in a professional manner
- Excellent verbal, written, and interpersonal communication skills
- Knowledge and understanding of banking or financial services industry
- Experience working in a large enterprise environment
- Strong analytical skills with high attention to detail and accuracy
- Knowledge and understanding of system/application architecture and design concepts
- Ability to present complex material in a digestible, consumable manner to all levels of management
- Certifications in one or more of the following: Global Information Assurance Certification (GIAC), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), or Offensive Security Web Expert (OSWE)
- 1+ year of experience in network, social, and physical domains
- Exceptional report writing skills using a penetration tester framework/methodology
- Reverse engineering and exploit creation/modification experience
- Highly experienced with operating system and application hardening best practices
- Strong ability to find and dissect vulnerabilities without using standard and self-created tools
- Demonstrated issue resolution and negotiation skills
- Strong ability to create proof of concepts from discovered potential vulnerabilities
- Comprehensive understanding of recent research and industry advances in the following areas: Computer and communication networks, Cyber security threat detection, Cyber security experimentation/testing, and Programming
- Ability to perform debugging, performance evaluation, and paper/document writing
- Significant experience identifying security vulnerabilities for the company's networks, application systems, hardware infrastructure, and emerging technologies to improve the enterprise information security posture
- Experience leading with red team activities and supporting computer security incident response activities and the technical investigations of information security related incidents
- All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.
Relevant military experience is considered for veterans and transitioning service men and women.
Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.