Cyber Security Research Strategist

Wells Fargo - New York, NY

Full-time
Job Description
At Wells Fargo, we want to satisfy our customers’ financial needs and help them succeed financially. We’re looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you’ll feel valued and inspired to contribute your unique skills and experience.

Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

Wells Fargo Technology sets IT strategy; enhances the design, development, and operations of our systems; optimizes the Wells Fargo infrastructure footprint; provides information security; and enables continuous banking access through in-store, online, ATM, and other channels to Wells Fargo’s more than 70 million global customers.

Enterprise Information Security
Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.

Enterprise Information Security’s (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo’s infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.

This position falls within the Enterprise Access Management (EAM) Operational Readiness Team which serves as the EAM Operations ambassador to all technology teams across the enterprise, and is responsible for EAM Operations' daily readiness delivery through alignment of operational priorities and EAM toolsets. Key support activities include operational process improvement, technology maturation, change management, organizational training, strategic-level EAM-specific threat and vulnerability management.

Wells Fargo’s Identity and Access Management (IAM) architecture forms an additional logical boundary which stretches beyond internal and traditional security boundaries into third-party systems and the Cloud. This position will serve as the lead BAU liaison/EAM Operations ambassador between the EAM Operations organization and the Cyber Security Defense and Monitoring (CSD&M) Organization’s Cyber Threat Fusion Center (CTFC), Red Team, Penetration Testing Teams, Cyber Threat Intel, and BCP/DRP Technology teams as well as other EAM organizational teams to facilitate two-way information flow, collaboration and coordination, with the goal of producing an active EAM role in improving Wells Fargo’s EAM cyber defense posture and resilience. This role’s initial objective will be to define and establish EAM technology operational acceptability requirements and EAM technology survivability criteria, which will be based on measuring the degree to which our EAM systems are defendable and resilient. This survivability measurement includes elements of susceptibility, vulnerability, and recoverability against all known threats, with consideration to exploitability, business continuity, and disaster recovery. The NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover) will be foundational in establishing and measuring this capability.

Develop strategy and lead implementation efforts of EAM-centric threat and vulnerability management long-term BAU effort to work in partnership with existing Wells Fargo CSD&M teams.
Work to provide Threat and Vulnerability Management from a strategic/tactical/proactive approach, to augment reactive/operational-level privileged access management efforts already in place.
Gather EAM technical requirements from CSD&M to ensure that the EAM architecture is defendable and resilient.
Facilitate and assist in vulnerability discovery and remediation efforts across EAM and EIS teams.
Make EAM teams aware of current and relevant cyber threats and how those threats affect the EAM/IAM production environment.
Collaborate with CTM Threat Services team to integrate and orchestrate processes for vulnerability assessment and cyber threat intelligence requirements specific to EAM operations and strategy.
Determine and develop EAM roles in BCP/DRP training exercises and facilitate planning efforts for future exercises.
As needed and relevant, provide for EAM involvement in cyber defense exercises and facilitate planning efforts for future exercises.
Collaborate with Red Teams in a supporting (white cell) role to improve EAM effectiveness of Red Team events, and to ensure Red Team discovered EAM vulnerabilities are mitigated or remediated by the proper organizations within EIS and EIT.
Ensure that EAM vulnerabilities discovered and observations revealed through assessments (red, blue, penetration, hygiene, etc) are tracked from discovery through to remediation or mitigation, and verification that those corrective actions are successful.
Assist EAM production support where needed in response efforts to cyber incidents that occur with the EAM space.
Assist in organizational training efforts through support, participation, scheduling, etc.
Serve as the EAM operations lead in supporting all other EAM cyber security related efforts to ensure effective EAM BAU sustainment and operational readiness.
Note: Charlotte, NC is the preferred work location for this position, but will consider other core Wells Fargo locations as well as remote work.

Required Qualifications

5+ years of systems vulnerability management experience
10+ years of Information Security experience, including infrastructure, application development security and architecture
5+ years of information security risk assessment experience
5+ years of experience working with multiple security domains (network, application security, threat intelligence and data analytics)

Desired Qualifications

Experience supporting senior level leaders/executives
Excellent verbal, written, and interpersonal communication skills
Certified Internal Auditor (CIA), Certified Information Systems Auditor, (CISA) Certification in Control Self-Assessment (CCSA), Certified Information Systems Security Professional, (CISSP) or other risk management discipline certification
Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Global Information Assurance Certification (GIAC), or Web Application Penetration Tester (WAPT) certification
Experience communicating in both written and verbal formats with senior executive-level leaders
Experience presenting technical concepts to senior leaders
Experience facilitating meetings with team members in various remote locations
Strong analytical, critical thinking and problem solving skills
Thorough understanding of security principles and their application in an enterprise IT environment
Experience with global regulatory requirements that may impact security (EU Privacy)
Knowledge and understanding of one or more standard security related frameworks (NIST-Cyber, CoBIT, ISO)
Ability to effectively communicate to both technical and non-technical audiences
One or more security certifications (CISSP, GIAC, CISM, CEH)
Expertise in rapid development and deployment of new security solutions

Other Desired Qualifications
Experience with NIST Cyber Security Framework
Experience with or solid knowledge of the MITRE ATT&CK Framework
Experience with or solid knowledge of the Identity and Access Management (IAM) space
Experience working within a Security Operations Center (SOC)
Expereince with Red Team, Blue Team, Threat Hunting, and/or Penetration Testing

Job Expectations

Ability to travel up to 10% of the time

Disclaimer

All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.

TECHNOLOGY