12 days old
2018-07-102018-08-09

Cyber Sec Research Scientist 3 - Red Team Researcher / Scientist

Chandler, AZ
  • Job Code
    5409683-3
Job Description

Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.
Enterprise Information Securitys (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargos infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.

Note: The preferred location for this position is 1.) Charlotte, NC 2.) Winston-Salem, NC 3.) Chandler, AZ. Other locations may be considered including telecommute.

These four positions report to the Cyber Threat Management - Vulnerability Assessment Team and will work closely with teams in other internal information security programs. Two of these position will focus mostly on perimeter systems and the other two more broadly.
The primary role with be to serve as a professional ethical hacker/red teamer that mimics techniques of adversaries in order to discover risk through blended attacks. This role will determine business risk using attacker techniques in order to reduce the overall risk for Wells Fargo. This role will determine likelihood, ease of exploit, data classification, impact and provide a severity/risk rating. This role must be able to utilize complex hacking tools and create proof of concept exploits. The candidate will provide adversarial simulations to identify gaps and educates defense teams (blue teams) on attacker techniques. This role will research, analyze, design, test, and implement complex technologies, systems, and applications.

Responsibilities:
Conducts innovative research in cyber security
Conducts networking, device, mobile, wireless, hardware, and web-based application penetration tests
Conducts logical security audits and hands-on technical security evaluations and implementations
Conducts various security assessments
Conducts social engineering assessments
Conducts physical security assessments
Develop custom penetration testing tools
Develop in-depth findings report
Communicate findings to lines of business based on inherit risks

Required Qualifications

5+ years of information security experience in converged testing (red teaming)1+ year of experience in network, social, and physical domains5+ years of experience in one or a combination of the following: creating proof of concepts, creating exploits, or reverse engineering5 + years of executing ethical penetration testing including exploitation and post-exploitation experience

Desired Qualifications

Expert Information Security technical skillsProficient in working with systems, networks, and application vulnerability testingAbility to manage complex security scenarios and develop innovative solutions to address the most recent cyber threatsSecurity engineering experience that includes knowledge and understanding of recent research and industrial advances in one or more of the following areas: computer and communication networks, cyber security threat detection, cyber security experimentation and testing, innovative research in cyber security, physical security controls and their weaknesses, debugging, hardware and device hacking, or electronics securityAssessment experience in three or more of the following: mobile, web application, mainframe, wireless or network penetration testingKnowledge and understanding of Python, Ruby, PowerShell, and Shell scriptingPhysical hardware hacking experiencePhysical security assessments experienceKnowledge and understanding of information security risk assessment procedures, risk mitigation or remediationAbility to work effectively, as well as independently, in a team environmentStrong organizational, multi-tasking, and prioritizing skillsAbility to handle confidential material in a professional mannerExcellent verbal, written, and interpersonal communication skillsKnowledge and understanding of banking or financial services industryExperience working in a large enterprise environmentStrong analytical skills with high attention to detail and accuracyKnowledge and understanding of system/application architecture and design conceptsAbility to present complex material in a digestible, consumable manner to all levels of management

Other Desired Qualifications
  • 5+ years of converged testing (red teaming) with one or more of network, social, and physical domains
  • Experience with physical hardware hacking
  • Experience with physical security assessments
  • Exceptional report writing skills using a penetration tester framework/methodology.
  • Reverse engineering and reusing exploits
  • Highly experienced with operating system and application hardening best practices
  • Strong ability to find and dissect vulnerabilities without using standard tools
  • Demonstrates issue resolution and negotiation skills;
  • Strong ability to create proof of concepts from discovered potential vulnerabilities
  • Comprehensive understanding of recent research and industry advances in the following areas: Computer and communication networks, Cyber security threat detection, Cyber security experimentation/testing, and Assembly.
  • Perform debugging, performance evaluation, and paper/document writing.
  • Significant experience identifying security vulnerabilities for the company's networks, application systems, hardware infrastructure and emerging technologies to improve the enterprise information security posture.
  • Leads with red team activities and supports computer security incident response activities and the technical investigations of information security related incidents.
  • Certifications in one or more of the following: Global Information Assurance Certification (GIAC), Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), or Offensive Security Web Expert (OSWE)
  • Disclaimer

    All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

    Relevant military experience is considered for veterans and transitioning service men and women.
    Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.

    Categories

    Featured Jobs

    Career News

    Before you go...

    Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

    Share this job:

    Cyber Sec Research Scientist 3 - Red Team Researcher / Scientist

    Wells Fargo
    Chandler, AZ

    Share this job

    Cyber Sec Research Scientist 3 - Red Team Researcher / Scientist

    Wells Fargo
    Chandler, AZ
    US

    Separate email addresses with commas

    Enter valid email address for sender.

    Join us to start saving your Favorite Jobs!

    Sign In Create Account
    Powered ByCareerCast