About Wells Fargo
Wells Fargo & Company (NYSE: WFC) is a leading global financial services company headquartered in San Francisco (United States). Wells Fargo has offices in over 30 countries and territories. Our business outside of the U.S. mostly focuses on providing banking services for large corporate, government and financial institution clients. We have worldwide expertise and services to help our customers improve earnings, manage risk, and develop opportunities in the global marketplace. Our global reach offers many opportunities for you to develop a career with Wells Fargo. Join our diverse and inclusive team where you will feel valued and inspired to contribute your unique skills and experience. We are looking for talented people who will put our customers at the center of everything we do. Help us build a better Wells Fargo. It all begins with outstanding talent. It all begins with you.
Market Job Description
About Wells Fargo India
Wells Fargo Indiaenables global talent capabilities for Wells Fargo Bank NA., by supporting business lines and staff functions across Technology, Operations, Risk, Audit, Process Excellence, Automation and Product, Analytics and Modeling. We are operating in Hyderabad, Bengaluru and Chennai locations.
Department Overview
Wells Fargo views information security as enabling lines of business to mitigate information security risk in accordance with our risk appetite. Through a framework that addresses policy, process, operations, people, and technology, Information and Cyber Security (ICS) team protects our infrastructure, company data, and customer assets while ensuring alignment with applicable regulations and laws.
Our vision is to provide Wells Fargo with world-leading cyber security risk management.
The Cyber Threat Management (CTM) team under Cyber Security Defense and Monitoring (CSD&M) unit, with-in ICS, is responsible for monitoring the cyber threat landscape, developing innovative security solutions, and performing proactive security assessments that mitigate the organization's exposure to Advanced Persistent Threats (APT), Advanced Evasion Techniques (AET), Distributed Denial of Service (DDoS) Attacks, Hacktivism, Cyber Crime, Malware, and other categories of online attacks targeting the financial services industry.
Third-party Risk Intelligence (TPRI) team, under CTM function leverages Wells Fargo proprietary solutions to periodically monitor, review, analyze, assess and report the cyber risk data relevant to Wells Fargo and its third-parties. The team works in collaboration with peer CTM teams to support Wells Fargo and its Third-party cyber risk reduction efforts
About the Role
Our Information and Cyber Security team is looking for an Information Security Engineer to join our Third-party Risk Intelligence (TPRI) team.
The Information Security Engineer will leverage Wells Fargo proprietary solution to monitor, review, analyze, assess and report the cyber risk data relevant to Wells Fargo and its third-parties. The Information Security Engineer will be responsible for tracking and maintenance of Wells Fargo and its third-party cyber risk profiles. The Information Security Engineer will work in collaboration with Cyber Threat Intelligence (CTI) team and other CTM teams to support Wells Fargo and its third-party cyber risk reduction efforts.
Leads Wells Fargo and its third-party cyber security incident response activities for moderate to complex events, conducts technical investigation of cyber security-related incidents and conducts post-incident analysis to identify causes and recommend future mitigation strategies. Identifies security vulnerabilities/issues, performs cyber risk exposure assessments, and evaluates remediation alternatives.
The Information Security Engineer will build PoCs / PoVs, work with CTM tools development teams to demonstrate an drive solution automation, feature enhancements and the product roadmaps.
Serves as subject matter expert in industry leading security solutions and best practices used to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification/modeling/monitoring, and incident response. May interface with senior management.
Market Skills and Certifications
Responsibilities
SME in leveraging industry solutions and passive information gathering techniques to research, identify and report cyber related events of interest relevant to Wells Fargo and its third-parties SME in performing in-depth analysis, assess and determine the risk levels leveraging threat intelligence data Develop threat models based on emerging threats and attacks, and leverage them to perform deep-dive attack surface analysis Create, review and update the third party risk profiles, provide actionable reporting Identifies and automates the functional tasks / activities processes, develops solutions Collaborate with solution engineers and developers for solution and content enhancements Perform risk modeling or create risk models Leads and delivers technical presentations and leadership reports Clear understanding of risk management practices in general and security risk management best practices and methodologies specifically. Clear understanding of computer networks, protocols and technologies. (IP, domain, firewall, routers, HTTP, HTTPS etc.) Demonstrate awareness of cyber security trends, threats, vulnerabilities, including and especially those influencing the financial services industry and banking sector. Knowledge of Internet-based research, search engine, social media and passive information gathering resources Maintain confidentiality of the organization security and technology related information Maintain a broad understanding of information security technologies and products
Essential Qualifications 6 - 8 years of demonstrated information security engineering/consulting experience with cyber threat intelligence research, collection, analysis and reporting, and associated tools and technologies 5+ years of demonstrated experience in performing technical analysis and enrichment of pertinent attacks, threats and their indicators 3+ years of demonstrated experience with at least one scripting language (preferably JavaScript and its frameworks / Python) working on automation and engineering projects 3+ years of demonstrated experience leveraging security technologies such as SIEM for security incident analysis Should possess understanding of third party/vendor/supply chain cyber footprint and associated risks (attacks, threats, vulnerabilities) over the internet Should possess understanding of security and threat landscape relevant to cloud technologies Should possess capabilities & support decision-making efforts and strategic intelligence tasks Demonstrated experience with creating and communication of reports and presentations regarding cyber-attacks, threats and vulnerabilities to various level of personnel within large organization and its vendors Must have a good understanding of the financial services industry, security, risk and privacy Must have current knowledge and stay up-to-date on the latest cyber security advisories, alerts and vulnerabilities Must have knowledge of security technologies and products Bachelor's and/or Master's degree in computer science or information systems CEH or other relevant certifications highly preferred
Desired Qualifications
Excellent verbal, written, and interpersonal communication skills Experience working in a large enterprise environment Strong analytical skills with high attention to detail and accuracy Ability to work effectively, as well as independently, in a team environment Strong organizational, multi-tasking, and prioritizing skills Ability to meet time sensitive deadlines required Ability to work collaboratively and build consensus is essential Ability to make sound decisions and exercise good judgment Ability to work and achieve goals without constant supervision Ability to handle confidential material in a professional manner
We Value Diversity
At Wells Fargo, we believe in diversity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national or ethnic origin, age, disability, religion, sexual orientation, gender identity or any other status protected by applicable law. We comply with all applicable laws in every jurisdiction in which we operate. |
