About this role:

We are seeking a Lead Cyber Security Research Engineer to perform adversary emulation by simulating real‑world threat actor attacks. This role supports Wells Fargo Lines of Business by providing actionable insights into indicators of compromise and adversary tools, tactics, and procedures (TTPs), enabling improved detection and response capabilities across the enterprise.

The successful candidate will design, create, and execute end‑to‑end attack chains in collaboration with Threat Simulation team members and will debrief leadership and business owners to demonstrate how chained weaknesses can be combined to achieve higher‑impact outcomes. The role requires the ability to leverage advanced offensive security tools, develop proof‑of‑concept exploits, and clearly document attack paths so they can be reliably reproduced and used to inform defensive improvements.

This position is responsible for researching, analyzing, designing, testing, and implementing complex technologies, systems, and applications in support of adversarial operations. The role reports to Cyber Threat Management – Offensive Security Research Team (OSRT - Red Team).

In this role, you will:

• Lead initiatives including the research, analysis, design, testing and implementation of the most complex computer network security and protection technologies for company information and network systems and applications
• Act as professional red teamer utilizing hacking tools to modify or create proof of concept exploits that mimic techniques of the most sophisticated attackers
• Review and analyze complex advanced computer security incident response activities and technical investigations of information security related incidents
• Identify vulnerabilities and associate those to a severity rating by deriving impact and ease of exploit
• Conduct security risk assessments to ensure compliance with corporate information security policies and adherence to best practices
• Communicate to the line of business on the inherent risks, providing meaningful mitigation strategies
• Collaborate and consult with peers, colleagues and managers to resolve issues and achieve goals

Required Qualifications:

• 5+ years of Cyber Security Research experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 4+ years of information security experience in converged testing (red teaming)
• 4+ years of performing white hat exploitation and post-exploitation experience
• 2+ year of experience in network, social, and physical domains
• Proven ability to translate complex technical concepts into clear, actionable insights for audiences ranging from deep technical practitioners to business partners and executive leadership.

Desired Qualifications:

• Knowledge of Python, PowerShell, and Shell Scripting
• Previous experience with common command-and-control (C2) frameworks such as Cobalt Strike and Mythic or other advanced red team tooling
• Knowledge and understanding of information security risk assessment procedures, risk mitigation or remediation
• Experience in one or a combination of the following: creating proofs of concept, creating exploits, or reverse engineering
• Experience performing security assessments against cloud service providers (Azure/ GCP) and/or AI technologies
• Ability to handle confidential material in a professional manner
• Knowledge and understanding of banking or financial services industry
• Experience working in a large enterprise environment
• Knowledge and understanding of system/application architecture and design concepts

Job Expectations:

• This position offers a hybrid work schedule
• This position is not eligible for Visa sponsorship
• Demonstrate proficiency in using AI‑assisted development and analysis tools (e.g., GitHub Copilot and approved code‑centric agents)
• Leverage AI to accelerate system design, coding, testing, analysis, and troubleshooting
• Apply strong technical judgment when validating and integrating AI‑assisted outputs into solutions
• Understand and account for model limitations, security risks, and operational considerations
• Apply AI responsibly in development and production environments
• Ensure AI usage aligns with security, compliance, privacy, and ethical standards

Posting End Date:

*Job posting may come down early due to volume of applicants.