Wells Fargo is looking for a Information Security Analyst in McLean – Apply Here!
About This Role
Wells Fargo is seeking a Lead Information Security Analyst for their Cyber Threat Intelligence Team to lead efforts in detecting cyber security threats to the global Wells Fargo environment. This role requires partnering with key stakeholders across the company to improve our overall risk posture by providing highly technical cyber threat intelligence. The CTI Tactical team is responsible for the identification and analysis of advanced threats against the bank. The team focuses on-providing technical intelligence to SOC operations, incident response, threat hunt teams, vulnerability management, insider threat, fraud teams and business requirements while ensuring that senior leaders are advised of current and ongoing threats allowing them to make informed decisions. Wells Fargo is looking for a CTI Analyst who will be responsible for analyzing and responding to threats confronting Wells Fargo and the financial sector.
What You Will Be Responsible For
• Collecting requirements from stakeholders and conducting research and analysis to provide timely and actionable intelligence that drives and informs the security posture of the bank.
• Analyzing and understanding advanced cyber actors, their capabilities, and their techniques.
• Working side by side with internal network defenders to provide intel-driven insights into existing and emerging threats.
• Processing and analyzing large data sets including network and endpoint logs to identify trending of threat activity across the network.
• Influencing enhancements to preventative and detective controls by applying knowledge of existing security architectures, tools, and controls to proactively detect and mitigate cyber threats.
• Delivering timely, relevant, and actionable intelligence through reports, briefings, and threat assessments to stakeholders across the bank to improve our ability to detect threats in our environment.
• Continually and consistently review attribution processes to identify reforms that could add to increased speed, efficiency and accuracy in reporting.
• Participate in technical bridge lines to facilitate the identification, mitigation and containment of cyber-security incidents.
In this role, you will:
• Provide advanced information security consultation for all aspects of information security compliance policy, risk management, and remediation
• Direct information security risk assessment and research, and recommend remediation plans and strategies
• Influence stakeholders on net new or on material changes to an asset to influence control decisions
• Provide consulting on security risk assessment and research, and recommend remediation plans and strategies
• Act as more experienced lead to the organization to develop security risk awareness and mitigating actions
• Consult the organization on complex security issues and findings
• Manage the most complex and critical information assets
• Evaluate and interpret internal and companywide information security policies, processes, standards, and participate with more experienced leaders in decision making on information security
• Serve as information security lead to advise on the development and delivery of Information Security Education and Awareness
• Collaborate and consult with peers, colleagues, and mid-level to more experienced managers to resolve issues and achieve goals
• Lead projects and teams
• Coordinate with vendor manager on third party assets to manage information security risks
• Serve as a mentor to less experienced staff
Required Qualifications, US:
• 5+ years of Information Security Analysis experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 3+ years of experience in one or more of the following security disciplines: information security monitoring, incident response, vulnerability management, host/network forensics, cyber-crime investigation, penetration testing, business continuity, or cyber threat intelligence
• 3+ years of Information Security reporting and analysis experience
• Knowledge and understanding of threat analysis and assessment of potential and current information security risk/threats
• Ability to execute in a fast paced, high demand, environment while balancing multiple priorities
• Knowledge and understanding of data security controls including malware protection, firewalls, intrusion detection systems, content filtering, Internet proxies, encryption controls, and log management solutions
• Experience with data analytics, data mining, and parsing of large data sets.
• Strong understanding of the intelligence lifecycle, analytic tradecraft, and attack methodologies such as MITRE ATT&CK.
• Technical or information security certifications are a strong plus.
• Experience working in a Security Operations, Incident Management or Fusion Center operation.
• Familiarity with system and network forensic analysis.
• Proficient with computer networking concepts and internet technologies including TCP/IP protocols.
• Ability to travel up to 5% of the time
We Value Diversity
At Wells Fargo, we believe in diversity, equity and inclusion in the workplace; accordingly, we welcome applications for employment from all qualified candidates, regardless of race, color, gender, national origin, religion, age, sexual orientation, gender identity, gender expression, genetic information, individuals with disabilities, pregnancy, marital status, status as a protected veteran or any other status protected by applicable law.
Employees support our focus on building strong customer relationships balanced with a strong risk mitigating and compliance-driven culture which firmly establishes those disciplines as critical to the success of our customers and company. They are accountable for execution of all applicable risk programs (Credit, Market, Financial Crimes, Operational, Regulatory Compliance), which includes effectively following and adhering to applicable Wells Fargo policies and procedures, appropriately fulfilling risk and compliance obligations, timely and effective escalation and remediation of issues, and making sound risk decisions. There is emphasis on proactive monitoring, governance, risk identification and escalation, as well as making sound risk decisions commensurate with the business unit’s risk appetite and all risk and compliance program requirements.
Candidates applying to job openings posted in US: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Candidates applying to job openings posted in Canada: Applications for employment are encouraged from all qualified candidates, including women, persons with disabilities, aboriginal peoples and visible minorities. Accommodation for applicants with disabilities is available upon request in connection with the recruitment process.