Sr Cyber Security Research Consultant - Offensive Security Research Team - Bug Bounty - Military Veterans

at Wells Fargo

Raleigh, North Carolina

About this role:

Wells Fargo is seeking a Senior Cyber Security Research Consultant to join our Offensive Security Application Research Team (on the Red Team). The role will identify unique ways to solve problems for the bank by creating custom tooling and advancing in-house capabilities. Looking for someone who can bring new ideas and perspectives to identifying and reacting to new threats to the banks data. The position will be responsible for expanding the organizations Vulnerability Disclosure Program and application security research programs. The person must have deep experience and knowledge in the area of vulnerability disclosure programs and application security. The position involves collaborating with other members of the Cyber Security Defense and Monitoring Team and Application (Security) Teams to collaborate on enhancing the detection capabilities to protect the bank. This position reports to the Offensive Security Research Team and works closely with our defense partners in a purple team capacity.

Responsibilities:

  • Own(Lead) and operate the vulnerability disclosure program
  • Maintaining fair and positive interactions with reporters/finders, treating them with honesty, respect and transparency.
  • Ensuring the timely remediation of security concerns
  • Scale out existing tooling and infrastructure
  • Research innovative ways to identify control gaps or vulnerabilities at scale
  • Collaborate with other teams to identify problems and gaps that require new and unique solutions
  • Identify automation opportunities
  • Share the knowledge you learn with other team members and partners
  • Be an evangelist for the Offensive Security Research Team


In this role, you will:

  • Work on initiatives including the research, analysis, design, testing and implementation of complex computer network security and protection technologies
  • Act as professional ethical penetration tester utilizing hacking tools to modify or create proof of concept exploits that mimic techniques of the most sophisticated attackers
  • Review and analyze complex advanced computer security activities and technical investigations of information security related incidents
  • Identify vulnerabilities and associate those to a severity rating by deriving impact and ease of exploit
  • Conduct security risk assessments to ensure compliance with corporate information security policies and adherence to best practices
  • Communicate to the line of business on the inherent risks, providing meaningful mitigation strategies
  • Work with principal engineers and support special projects
  • Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals


Required Qualifications, US:

  • 4+ years of Cyber Security Research experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
  • 3+ Years of experience in one or a combination of the following: creating proof of concepts, creating exploits, or reverse engineering demonstrated through work or military experience
  • 3+ Years of DAST (Dynamic Application Security Testing) experience
  • 2+ Years of information security experience in converged testing (red teaming) demonstrated through work or military experience with an application security focus
  • 2+ Years of advanced scripting experience using Unix Shell Scripting, Perl, Python, Java, or PL-SQL
  • 1+ Year of experience in network, social, and physical domains demonstrated through work or military experience


Desired Qualifications:

  • 2+Years of experience with scripting languages such as Bash, PowerShell, VBScript, or JavaScript
  • Experience with cloud infrastructure
  • Experience working in a large enterprise environment
  • Highly experienced with operating system and application hardening best practices
  • Understanding of recent research and industry advances in Cyber security threat detection and Cyber security experimentation/testing
  • Certifications in one or more of the following: Global Information Assurance Certification (GIAC/SANS), Offensive Security Certified Professional(OSCP), Offensive Security Wireless Professional (OSWP), Offensive Security Certified Expert (OSCE), Offensive Security Exploitation Expert (OSEE), Offensive Security Web Expert (OSWE), or Amazon AWS Certifications


Job Expectations:

  • 5% Travel

@RWF22

We Value Diversity

At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.

Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit's risk appetite and all risk and compliance program requirements.

Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.

Raleigh, North Carolina

At Wells Fargo, we’ve been proudly supporting military veterans and their families for more than 170 years.

We value the leadership, discipline, and skills you’ve gained through your service to our country and recognize the contributions our veteran team members bring to the table. We’re committed to hiring and retaining military veterans, veterans with disabilities, National Guard, Reservists, and Military Spouses.

As a Wells Fargo employee, you’ll find a work culture that is team-oriented, collaborative, structured, and challenging. We support veterans transitioning from military service with a variety of job options, confidential resources, educational information, and career guidance. You may choose to join our Veteran’s Connection Employee Resource Group, a group of thousands who share an interest in veterans’ matters, and that promotes greater awareness and job development within the veteran community. To learn more about opportunities at our company, please visit wellsfargojobs.com/military. Let’s talk about turning your military experience into a great civilian career.

Similar jobs