Cyber Threat Hunter - Info Security Sr Engineer
Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your current resume when submitting your application for consideration. To participate in some selection activities you will need to respond to an invitation. The invitation can be sent by both email and text message. In order to receive text message invitations, your profile must include a mobile phone number designated as 'Personal Cell' or 'Cellular' in the contact information of your application.
At Wells Fargo, we are looking for talented people who will put our customers at the center of everything we do. We are seeking candidates who embrace diversity, equity and inclusion in a workplace where everyone feels valued and inspired.
Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Technology sets IT strategy; enhances the design, development, and operations of our systems; optimizes the Wells Fargo infrastructure; provides information security; and enables Wells Fargo global customers to have 24 hours a day, 7 days a week banking access through in-branch, online, ATMs, and other channels.
Our mission is to deliver stable, secure, scalable, and innovative services at speeds that delight and satisfy our customers and unleash the skills potential of our employees.
Our Information and Cyber Security (ICS) team is looking for a senior Cyber Security professional to join our Security Content Development (SCD) team. Duties include creating, improving, and delivering events of interest from both upstream security tools and big data solutions for the benefit of the Cyber Security teams. The ideal candidate will have extensive experience in network-focused forensics and threat hunting utilizing both Deep Packet Inspection (i.e. full packet capture) and EDR solutions. The ideal candidate will additionally have a well-rounded background in endpoint/network defenses and security incident response, as well as some offensive security knowledge to allow the ability to think like an adversary. Polished verbal and written communication skills are desired, in order to ensure thorough and accurate reporting during the work to visualize, investigate, contain, and conclude a security incident. The candidate will play a major role in our cyber threat hunt automation efforts, including the vetting of new models and procedures to identify and react to anomalous network and/or endpoint behaviors. Threat hunting efforts will be focused primarily on identifying advanced threats that are not detected via traditional security tools. Regular collaboration with multiple teams such as the Cyber Threat Fusion Center, Security Content Development, Cyber Threat Intelligence, Threat Detection Services, and the Offensive Security Research Team will be critical to success. This position is designed to assure success in our next-generation ability to discover and react to advanced security threats.
The Information and Cyber Security (ICS) team is embarking on a multi-year initiative to improve Wells Fargo's resiliency to the tactics and techniques used by today's most advanced adversaries. ICS is looking to bring together a multi-functional, agile team to partner across disciplines in order to create a more secure future for the company and its customers. Join a team of dedicated Cybersecurity professionals working to implement cutting-edge threat detection and prevention tools and techniques.
- 7+ years of information security applications and systems experience
- 6+ years of information technology applications and systems experience
- 1+ year of Packet Analysis experience
- 2+ years of Splunk experience
- 3+ years of DPI (Deep Packet Inspection) experience
- 3+ years of Incident Management System experience
- 3+ years of Regular Expression (regex) experience
- 5+ years of Security Information and Event Management (SIEM/SIM/SEM) experience
- 5+ years of experience with network security, endpoint security, or security threat vectors
- 1+ year of Endpoint Detection and Response (EDR) experience
- 1+ year of Cyber Threat Hunting experience
- 3+ years of Incident Response Protocols and Tools experience
- Experience working in a large enterprise environment
- Ability to execute in a fast-paced, high-demand environment while balancing multiple priorities
- Knowledge and understanding of banking or financial services industry
- Knowledge and understanding of data security controls including malware protection, firewalls, intrusion detection systems, content filtering, Internet proxies, encryption controls, and log management solutions
- Knowledge and understanding of malware reverse engineering, including code or behavior analysis for endpoints and the network
- 3+ years of Linux experience
- Experience analyzing large data sets
Other Desired Qualifications
- 2+ years of Endpoint Detection and Response (EDR) experience
- Hands-on experience with information security tools such as an enterprise SIEM solution, IDS/IPS, endpoint security solutions, email/web security gateways, and other security detection/mitigation devices
- Experience with host-based and/or network-based forensics tools and techniques
- Experience with host and/or network log analysis as applied to incident response / threat hunting
- Knowledge of offensive security, with the ability to think like an adversary when hunting and responding to incidents
- Strong ability to identify anomalous behavior on endpoint devices and/or network communications
- Strong experience in operating system and application security hardening and best practices
- Strong investigative mindset with an attention to detail
- Experience with multiple operating systems to include Windows, Mac OS, and Unix/Linux
- Demonstrate the ability to provide written and verbal communications to management to address real-time issues and incidents, including writing formal incident reports
- Advanced problem-solving skills, with the ability to develop effective long-term solutions to complex problems
- Certifications in one or more of the following: Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensics Analyst (GNFA), Offensive Security (OSCP/OSCE/etc.), or other relevant certifications
- Experience with full packet capture solutions
- Ability to work additional hours as needed
- Ability to travel up to 10% of the time
NC-Raleigh: 1100 Corporate Center Dr - Raleigh, NC
MA-Boston: 125 High Street - Boston, MA
IL-Chicago: 10 S Wacker Drive - Chicago, IL
TX-DAL-Downtown Dallas: 1445 Ross Ave - Dallas, TX
IA-Des Moines: 800 Walnut St - Des Moines, IA
MN-Minneapolis: 255 2nd Ave S - Minneapolis, MN
NY-New York: 150 E 42nd St - New York, NY
PA-Philadelphia: 101 N Independence Mall E - Philadelphia, PA
AZ-PHX-Northwest Phoenix: 2222 W Rose Garden Ln - Phoenix, AZ
CA-SF-Financial District: 333 Market St - San Francisco, CA
MO-Saint Louis: 1 N Jefferson Ave - Saint Louis, MO
All offers for employment with Wells Fargo are contingent upon the candidate having successfully completed a criminal background check. Wells Fargo will consider qualified candidates with criminal histories in a manner consistent with the requirements of applicable local, state and Federal law, including Section 19 of the Federal Deposit Insurance Act.
Relevant military experience is considered for veterans and transitioning service men and women.
Wells Fargo is an Affirmative Action and Equal Opportunity Employer, Minority/Female/Disabled/Veteran/Gender Identity/Sexual Orientation.
Visit https://www.wellsfargo.com/about/careers/benefits for benefits information.