Wells Fargo - San Antonio, TX

posted 3 months ago

Full-time
San Antonio, TX
Credit Intermediation and Related Activities

About the position

Wells Fargo is seeking a Lead Cyber Security Research Consultant who possesses deep expertise in Windows and associated technologies. This role is pivotal in ensuring the security of the company's information systems, and it requires a candidate who is passionate about cybersecurity and has hands-on experience with Windows internals. The ideal candidate will have a knack for exploring and identifying vulnerabilities, conducting root cause analysis, and staying informed about current threat information. The position involves a variety of skills, including information security monitoring, incident response, vulnerability management, host/network forensics, cyber-crime investigation, penetration testing, business continuity, and cyber threat intelligence.

As a Lead Cyber Security Research Consultant, you will engage in exploit testing and proof-of-concept development to identify potential cyber-attack vectors that could threaten the company's information security environment. Your daily tasks will include conducting technical research to detect emerging cyber threats and maintaining a deep understanding of Advanced Persistent Threat (APT) Tactics, Techniques, and Procedures (TTPs). A well-rounded understanding of endpoint and network defenses, as well as detection methodologies, is essential. You will also need to understand how adversarial cyber threat actors think and operate.

Collaboration is key in this role, as you will work closely with various teams, including the Cyber Threat Fusion Center, Security Content Development, Cyber Threat Intelligence, and Offensive Security teams. The ability to thrive in a fast-paced environment while managing multiple priorities is crucial. Strong verbal and written communication skills are necessary to convey complex security concepts effectively. This position is based in San Antonio, TX, and requires a hybrid work model, with employees expected to be in the office three days a week.

Responsibilities

  • Conduct exploit testing, proof-of-concept development, and analysis on relevant Windows threats and threat actors.
  • Follow current trends on evolving threats, threat actors, and their TTPs to identify over-the-horizon cyber-attack vectors that may pose a risk to the company's information security environment.
  • Identify, collect, and analyze malicious code to conduct exploit and malware research specific to Windows and threat actors.
  • Utilize subject matter knowledge of the industry in identifying security solutions.
  • Review and correlate security logs.
  • Identify security vulnerabilities and issues, perform risk assessments, and evaluate remediation alternatives.
  • Consult with engineering team on change design requiring solid understanding of technical process controls or standards that influence and drive new initiatives.
  • Collaborate and influence all levels of professionals including managers.

Requirements

  • 5+ years of Information Security Engineering experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education.
  • 3+ years of experience in research, analysis and testing of Windows-based exploits, malware and TTPs.
  • 2+ years of executing ethical penetration testing including exploitation and post-exploitation experience.

Nice-to-haves

  • Information security experience including experience in one or more of the following security disciplines: information security monitoring, incident response, vulnerability management, host/network forensics, cyber-crime investigation, penetration testing, business continuity, or cyber threat intelligence.
  • Malware research and analysis experience.
  • Experience with security technology product evaluation, proof of concepts and testing.
  • Experience in detection engineering and signature development.
  • General programming skills, along with knowledge of programming languages such as C, C++, Python, Ruby, Golang, and .NET.
  • Assess cloud system vulnerabilities for security risks and propose and implement risk mitigation strategies.
  • Experience with malware reverse engineering.
  • Prior experience with banking or financial services industry.
  • Knowledge and understanding of data security controls including malware protection, firewalls, intrusion detection systems, content filtering, Internet proxies, encryption controls, and log management solutions.
  • Experience with multiple operating systems to include Windows, Mac OS, and Unix/Linux.