16 days old

Cyber Security Research Strategist

Winston-Salem, NC
  • Job Code
Job Description

At Wells Fargo, we have one goal: to satisfy our customers financial needs and help them achieve their dreams. Were looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where youll feel valued and inspired to contribute your unique skills and experience.

Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

Corporate Risk helps all Wells Fargo businesses identify and manage risk.We focus on three key risk areas: credit risk, operational risk and market risk. We help our management and Board of Directors identify and monitor risks that may affect multiple lines of business, and take appropriate action when business activities exceed the risk tolerance of the company.

Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.

Enterprise Information Securitys (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargos infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.

Note: This position can sit in any core Wells Fargo location or telecommute.

This is an excellent opportunity for an experienced, forward-looking red teamer to build a world-class red teaming capability at Wells Fargo. The successful Cyber Security Strategist will lead the enterprises efforts in adopting and maintaining a system-wide view of threat-driven risks, with the goal of working with senior management to control these risks. The following skills are relevant for this position:

  • Systems thinking
  • Systems Analysis
  • Game theory
  • War gaming
  • Intelligence analysis
  • Writing and presenting
  • Risk Assessment
  • Controls Effectiveness
  • Validation assurance

This position will interact directly with the Offensive Security Research Team and indirectly with our defense teams including the Cyber Threat Fusion Center. The ideal candidate will have extensive experience in conducting research, utilizing attack methods, and evolving Tactics, Techniques, and Procedures (TTPs) for testing defensive control effectiveness. The position will require regular interface with external entities including cyber threat intelligence organizations, financial industry contacts, and government agencies. Interaction with internal partners including legal, fraud, financial crimes, technology and line of business leaders and executives will be required.


  • Oversee the development of red teaming methods and activities within and across the enterprise, to include (but not limited to) the areas of business continuity, emergency management, supply chain security, information security, personnel security, operations security, and facilities security.
  • Work closely with our CTFC in a purple team capacity to trigger incidents and work with them on detection effectiveness.
  • Develop and manage a threat intelligence program to address threats relevant to the areas listed above.
  • Build and maintain a comprehensive model of relevant, feasible threats to the enterprise.
  • Educate senior management regarding the strengths, weaknesses, opportunities, and threats associated with strategic red teaming.
  • Provide regular threat/risk briefings to senior management regarding issues raised by the red team. Present findings within a context of overall risk to the enterprise. Adjust red team activities and agenda based on senior management input.
  • Work closely with existing infrastructure and security teams, both to receive input and to provide practical and actionable intelligence.
  • Act as an adversarial counterpoint to security strategy proposals.
  • Help build, hire, and retain top talent to shape a world-class red team. Taken as a whole, this team (or teams) should represent expertise across a complete range of the enterprises functions.

Required Qualifications

  • 10+ years of Information Security experience, including infrastructure, application development security and architecture
  • 5+ years of information security risk assessment experience
  • 5+ years of experience working with multiple security domains (network, application security, threat intelligence and data analytics)
  • 8+ years of Information Security reporting and analysis experience
  • 3 + years of cyber security incidents and events investigation experience
  • 5+ years of Incident Response Protocols and Tools experience
  • 5+ years of experience one or a combination of the following: reporting, analytics, or modeling in an information security environment, information technology environment, or a combination of both
  • 5 + years of executing ethical penetration testing including exploitation and post-exploitation experience

Desired Qualifications

  • Thorough understanding of security principles and their application in an enterprise IT environment
  • Experience with global regulatory requirements that may impact security (EU Privacy)
  • Knowledge and understanding of one or more standard security related frameworks (NIST-Cyber, CoBIT, ISO)
  • Strong analytical, critical thinking and problem solving skills
  • Ability to effectively communicate to both technical and non-technical audiences
  • One or more security certifications (CISSP, GIAC, CISM, CEH)
  • Expertise in rapid development and deployment of new security solutions
  • Knowledge and understanding of malware reverse engineering including: code or behavior analysis for endpoints and the network
  • Ability to execute in a fast paced, high demand, environment while balancing multiple priorities
  • Experience working in a large enterprise environment

Other Desired Qualifications

8+ years of converged testing (red teaming) with one or more of network, social, and physical domains
8+ years of creating proof of concepts and creating exploits or reverse engineering skills
Information Security Certifications: OSCP, OSCE, OSWP, OSEE, CBEST, GXPN
Thorough understanding of concepts and principles related to security, strategy, management, and intelligence analysis.
Ability to work productively with a variety of stakeholders (and their associated, sometimes conflicting) interests within the enterprise.
Ability to work with and against internal resistance, and, as necessary, build consensus for red teaming within the enterprise.
Ability to think and act both strategically and tactically, theoretically and pragmatically.
Ability to collaborate and share knowledge within a fast-moving, multifaceted enterprise environment.


All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.

Relevant military experience is considered for veterans and transitioning service men and women.

Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.



  • Information Technology
  • Security / Protective Services
  • Engineering
  • Government

Featured Jobs

Career News

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Cyber Security Research Strategist

Wells Fargo
Winston-Salem, NC

Share this job

Cyber Security Research Strategist

Wells Fargo
Winston-Salem, NC

Separate email addresses with commas

Enter valid email address for sender.

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast