In this role, you will:
- Oversee the development of red teaming methods and solutions within and across the enterprise, to include (but not limited to) the areas of business continuity, emergency management, supply chain security, information security, personnel security, operations security, and facilities security
- Build a mentoring program for the red team and its partners to help develop the capabilities around threat emulation, malware and tool creation, and tradecraft
- Act as a senior contributor to the Offensive Security Research Team to provide subject matter expertise on offensive operations, operationalizing threat intelligence, tool development, and tradecraft
- Work closely with blue and purple team partners during operations and work with them on detection effectiveness, building relationships among the differing groups
- Build and maintain a comprehensive model of relevant, feasible threats to the enterprise
- Educate senior management regarding the strengths, weaknesses, opportunities, and threats associated with strategic red teaming
- Provide regular threat/risk briefings to senior management regarding issues raised by the red team. Present findings within a context of overall risk to the enterprise. Adjust red team activities and agenda based on senior management input
- Work closely with existing infrastructure and security teams, both to receive input and to provide practical and actionable intelligence
- Act as an adversarial counterpoint to security strategy proposals
- Work closely with the Attack Research Support team on the development of tools and strategies to address security issues at scale.
Required Qualifications:
- 7+ years of Cyber Security Research experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
- 7+ years of experience in briefing senior level executives and key stakeholders around red team activities
- 7+ years of information security reporting and analysis experience
- 5+ years of experience in one or a combination of the following: reporting, analytics, or modeling in an information security environment, information technology environment, or a combination of both
- Active US Top Secret / Sensitive Compartmented Information (TS/SCI) Security Clearance
Desired Qualifications:
- Understanding of NIST framework (National Institute of Standards and Technology)
- 4 years of Threat Modeling
- Involvement with FS-ISAC (Financial Services - Information Sharing & Analysis Center), ARC (Analytics and Resiliency Center), NDCA (National Cyber Defense Alliance), BPI (Bank Policy Institute), other financial or military intelligence sector partners
- 7 years of experience conducting red team assessments of high-consequence systems
- Understanding of MITRE ATT&CK framework
- Experience with Cobalt Strike, Burp Suite, Crowdstrike, Chronicle, EDR solutions
- Thorough understanding of concepts and principles related to security, strategy, management, and intelligence analysis
- Ability to work productively with a variety of stakeholders (and their associated, sometimes conflicting interests) within the enterprise
- Ability to work with and against internal resistance, and, as necessary, build consensus for red teaming within the enterprise
- Ability to think and act both strategically and tactically, theoretically, and pragmatically
- OSCP certification or other similar related security certifications
- GCP and Azure certifications
Job Expectations:
- This position offers a hybrid work schedule
- This position is not eligible for Visa sponsorship
- In-person attendance to required partner meetings in regional field locations
- Active US Top Secret / Sensitive Compartmented Information (TS/SCI) Security Clearance or ability to obtain Top Secret Clearance within 6 months of hire
3 Sep 2024
Wells Fargo Recruitment and Hiring Requirements:
b. Wells Fargo requires you to directly represent your own experiences during the recruiting and hiring process.