Charlotte, NC

Lead Info Sec Analyst - Offensive Security Research Team

About this role:

Wells Fargo is seeking a Lead Information Security Analyst to build a world-class red teaming capability at Wells Fargo. The successful candidate will support efforts to improve Wells Fargo defenses using adversarial cybersecurity research and expertise as a member of the internal attack team. The enterprise is committed to adopting and maintaining a system-wide view of threat-driven risks, with the goal of working with senior management to control these risks. The following skills are relevant for this position:
  • Systems thinking
  • Systems Analysis
  • Game theory
  • War gaming
  • Intelligence analysis
  • Writing and presenting
  • Risk Assessment
  • Controls Effectiveness
This position will directly support these efforts by collaborating with various parts of the organization including those performing cyber defense research, incident response, and detection engineering. The ideal candidate will have extensive experience in analyzing cybersecurity research, such as understanding MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs) used in testing our defensive control effectiveness. The position will require the ability to collaborate with cyber defenders in order to understand defense challenges and help translate attack actions and the implications of red team findings into actionable defensive knowledge. This position will also keep abreast of cybersecurity issues and inform the direction of Wells Fargo cybersecurity strategy by interfacing regularly with external entities including cyber threat intelligence organizations, financial industry contacts, and government agencies. Interaction with internal partners including legal, fraud, financial crimes, technology and line of business leaders and executives will be required.

Responsibilities:
  • Oversee the integration of findings from red team initiatives into risk management processes, including dispositioning of results to multiple enterprise teams and tracking remediation for audit purposes.
  • As a red team representative, coordinate with business continuity, emergency management, supply chain security, information security, personnel security, operations security, and facilities security organizations across the enterprise.
  • Maintain red team processes, including project management, product ownership, and team-level documentation in support of coordinating day-to-day operations and, where necessary, supporting audit response.
  • Work closely with Senior Lead team members to ensure our efforts are coordinated and that they address relevant threats.
  • Generate and track metrics and report operational data for use by leadership.
  • Build cross-organizational relationships and foster collaboration as a team ambassador.
  • Contribute to the creation and maintenance of a secure computing environment by educating peers and partners on cyber threat prevention and mitigation strategies.
  • Analyze and evaluate internal / external information needs and help coordinate responses for the team.
  • Utilize critical thinking and help define a holistic cybersecurity strategy through partnership and stakeholder engagement.
  • Advise and guide others during complex negotiations and problem escalations; influence at all levels, both internally and externally, to guide cross-functional teams to identify and achieve operational and strategic objectives.
  • Apply process engineering tools and techniques to formulate analysis and derive recommendations.
  • Maintain an understanding of function-specific and general business risk types and frameworks, applicable policies or laws and/or the regulatory landscape. Share that knowledge to minimize business risk.
  • Identify and escalate risks; follow controls, policies, or procedures to support risk management and maintain compliance.
In this role, you will:
  • Support red team leadership through the documentation of key processes and controls as well as the creation and delivery of status updates and presentations to leadership
  • Work with offensive cybersecurity researchers to identify and build operational, business, and strategic process for the team
  • Work with the team and its partners to provide oversight and guidance in responding to and resolving critical cyber security events, and consult with leadership on decisions related to business process, security controls, policies and standards, regulations and investment prioritization
  • Work with senior leads and red team leadership to support advanced cyber security incident response and threat detection for the company
  • Collaborate and influence all levels of professionals including managers, technologists, and executives
  • Educate and facilitate adoption of leading practice methodologies, processes and frameworks to enable effective work delivery in a collaborative work environment.
  • Coordinate the communication of research findings to help customers take appropriate remediation steps.
  • Serve as a mentor to less experienced staff
Required Qualifications, US:
  • 5+ years of experience in one or a combination of the following: reporting, analytics, or modeling in an information security environment, information technology environment, or a combination of both
  • 5+ years of information security reporting and analysis experience
  • 3+ years of Cyber Security Research experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • 3+ years of Incident Response Protocols and Tools experience
  • Advanced understanding of data visualization, data analysis, and Microsoft Office.
  • Understanding MITRE ATT&CK TTPs and detection data sources and techniques
Desired Qualifications:
  • Cross-functional security experience in at least two of the following areas: incident response, information security reporting and analysis, detection modeling, or threat hunting.
  • Understanding of concepts and principles related to security, strategy, management, and intelligence analysis.
  • Ability to work productively with a variety of stakeholders (and their associated, sometimes conflicting, interests) within the enterprise.
  • Ability to work with and against internal resistance, and, as necessary, build consensus for red teaming within the enterprise.
  • Ability to collaborate and share knowledge within a fast-moving, multifaceted enterprise environment.
Job Expectations:
  • Ability to travel up to 10% of the time
We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.

Recommended Skills

  • Auditing
  • Business Continuity
  • Business Processes
  • Consulting
  • Critical Thinking
  • Customer Relationship Management