Senior Information Security Engineer

About Wells Faro:
Wells Fargo India enables global talent capabilities for Wells Fargo Bank NA., by supporting business lines and staff functions across Technology, Operations, Risk, Audit, Process Excellence, Automation and Product, Analytics and Modeling. We are operating in Hyderabad, Bengaluru and Chennai locations.

Department Overview:

Wells Fargo views Cybersecurity as enabling lines of business to mitigate information security risk in accordance with our risk appetite. Through a framework that addresses policy, process, operations, people, and technology, Cybersecurity protects our infrastructure, company data, and customer assets while ensuring alignment with applicable regulations and laws. Our vision is to provide Wells Fargo with world leading Cybersecurity risk management.

About this role:

The Cybersecurity Defense and Monitoring (CDM) group is looking for a Sr Information Security Engineer to join our Cybersecurity Defense and Monitoring (CDM) Team in the areas of Cyber Threat Fusion Center. The Sr Information Security Engineer will participate in the monitoring, identification, analysis, case management and response actions at one of our 24x7 global information security operations centers. The Analyst will play a pivotal role in maintaining security sensors, designing, testing, and implementing information security solutions using various tools like SIEM, EDR, SOAR and Sandboxing solutions.

In this role, you will:

• Lead or participate in computer security incident response activities for moderately complex events.
• Work on SIEM, EDR and SOAR solutions.
• Conduct technical investigation of security related incidents and post incident digital forensics to identify causes and recommend future mitigation strategies
• Provide security consulting on medium projects for internal clients to ensure conformity with corporate information, security policy, and standards
• Handle Phishing campaigns.
• Utilize subject matter knowledge in industry leading security solutions and best practices to implement one or more components of information security such as availability, integrity, confidentiality, risk management, threat identification, modeling, monitoring, incident response, access management, and business continuity
• Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals
• Required Qualifications:
• Must have 7+ years of Cybersecurity experience specifically working in Security Operations and hands-on experience with SIEM (Arcsight/SPLUNK/RSA-SA/Qradar/Chronicle)
• Must have basic understanding on cyber kill chain, MITRE framework and NIST framework.
• Demonstrated experience in Security Incident Response, Mitigation and Remediation methodologies
• Ability to manage complex security scenarios and develop innovative solutions to address the most recent cyber threats
• Advanced knowledge of networks, protocols, standards, Linux/Unix/Window OS internals, and system configuration
• Experience with least one scripting language, such as: PowerShell, Python, Bash, PHP, etc.
• CISSP, OSCP, CEH or other relevant certifications highly preferred

Desired Qualifications:

• Knowledge and understanding of banking or financial services industry
• Experience working in a large enterprise environment
• Strong analytical skills with high attention to detail and accuracy
• Knowledge and understanding of system/application architecture and design concepts
• Ability to work effectively, as well as independently, in a team environment
• Strong organizational, multi-tasking, and prioritizing skills
• Ability to handle confidential material in a professional manner.

Job Expectations:

The person selected will be responsible for rapidly assessing security information, identify security sensor and tool issues (e.g., case floods, false positives, sensor anomalies, etc.), and coordinate the resolution of security infrastructure issues impacting the Cyber Threat Fusion Center’s ability to execute its mission.
Additionally, this person will effectively conduct correlation analysis across numerous internal and external data sources, identify information security incidents, and support computer security incident response team (CSIRT) activities.