Information Security Senior Engineer

Important Note: During the application process, ensure your contact information (email and phone number) is up to date and upload your current resume when submitting your application for consideration. To participate in some selection activities you will need to respond to an invitation. The invitation can be sent by both email and text message. In order to receive text message invitations, your profile must include a mobile phone number designated as 'Personal Cell' or 'Cellular' in the contact information of your application.

At Wells Fargo, we want to satisfy our customers' financial needs and help them succeed financially. We're looking for talented people who will put our customers at the center of everything we do. Join our diverse and inclusive team where you'll feel valued and inspired to contribute your unique skills and experience.

Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.

Wells Fargo Technology is a team of more than 40,000 information technology and security professionals who help keep Wells Fargo at the forefront of America's diversified financial services companies. Employees execute an engineering-led IT strategy to deliver stable, secure, scalable and innovative services that provide Wells Fargo global customers ‘round-the-clock' banking access through in-store, online, ATM, and other channels. Wells Fargo Technology plays a critical role in the company's customer and employee experience, business and risk management transformation, and growth agenda.

ENTERPRISE INFORMATION SECURITY:
Since 1852, customers have trusted that Wells Fargo would keep their assets secure from theft and always available. Today, maintaining customer trust remains our underlying operating principle.

Enterprise Information Security's (EIS) vision is to provide Wells Fargo world leading cyber security risk management. Through a framework that addresses policy, process, operations, people, and technology, EIS protects Wells Fargo's infrastructure, corporate data, and customer assets, and ensures alignment with applicable regulations and laws. EIS is part of Wells Fargo's Corporate Risk organization and is led by the Chief Information Security Officer.

Our Enterprise Information Security team is looking for a strong cyber security professional to join our Cyber Threat Fusion Center (CTFC) Threat Hunting team. The ideal candidate will have extensive experience in network and endpoint forensics, incident response, and threat hunting methodologies utilizing both Deep Packet Inspection (i.e. full packet capture) and NetFlow solutions. The ideal candidate will additionally have a well-rounded background in endpoint/network security defenses as well as some offensive security knowledge to allow the ability to think like an adversary. This role will serve as an incident responder to assess the risk, impact, and scope of identified security threats, as well as leading the response efforts to include containment, eradication, and recovery. Strong verbal and written communication skills are desired, in order to ensure thorough and accurate reporting during and concluding a security incident. The candidate will also play a major role in the creation of new logic and supporting procedures to identify anomalous network and/or endpoint behaviors for CTFC alert monitoring. Threat hunting efforts will be focused primarily on identifying advanced threats that are not detected via traditional security tools. Regular collaboration with multiple teams such as Threat Detection Services, Security Content Development, Cyber Threat Intelligence, Cyber Threat Forensics, and Offensive Security teams will be critical to success. This position will help to provide metrics associated with our ability to discover and react to security threats based on the evolving landscape.

• 7+ years of information security applications and systems experience
• 6+ years of information technology applications and systems experience
• 7+ years of Incident Response Protocols and Tools experience
• 5+ years of Security Information and Event Management (SIEM/SIM/SEM) experience
• 5 + years of experience with network security, endpoint security, or security threat vectors
• 5+ years of Incident Management System experience
• 5+ years of DPI (Deep Packet Inspection) experience

• Knowledge and understanding of malware reverse engineering including: code or behavior analysis for endpoints and the network
• Ability to execute in a fast paced, high demand, environment while balancing multiple priorities
• Experience working in a large enterprise environment
• Knowledge and understanding of banking or financial services industry

• Provides situational awareness based on team authored threat reports
• Ability to hunt for IOCs based on attack surface and implement for CTFC security monitoring
• Hands-on experience with information security tools such as an enterprise SIEM solution, IDS/IPS, endpoint security solutions, email/web security gateways, and other security detection/mitigation devices
• Experience with host-based and/or network-based forensics tools and techniques
• Experience with host and/or network log analysis as applied to incident response / threat hunting
• Knowledge of offensive security, with the ability to think like an adversary when hunting and responding to incidents
• Strong ability to identify anomalous behavior on endpoint devices and/or network communications
• Strong experience in operating system and application security hardening and best practices
• Strong investigative mindset with an attention to detail
• Experience with multiple operating systems to include Windows, Mac OS, and Unix/Linux
• Demonstrate the ability to provide written and verbal communications to management to address real-time issues and incidents, including writing formal incident reports
• Advanced problem solving skills, ability to develop effective long-term solutions to complex problems
• Certifications in one or more of the following: Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Analyst (GCFA), GIAC Network Forensics Analyst (GNFA), Offensive Security (OSCP/OSCE/etc), or other relevant certifications.
• 5+ years of experience with full packet capture solutions.
• Develop monitoring dashboards based on thresholds or signatures for security alerting/automated case creation