✦ Luna Orbit — Cybersecurity

Lead Information Security Engineer iWeb Application Security

at Wells Fargo

📍 3 Locations Hybrid Posted March 13, 2026
Apply Now → ← Browse All Jobs

Position Details

Type Not Specified
Experience lead
Exp. Years 5+ years
Education Not specified
Category Cybersecurity

About this role

This role involves leading web application security efforts, managing WAF policies, and mitigating Layer7 attacks in a hybrid environment for a major financial institution.

Key Responsibilities

  • Lead incident response for web attacks
  • Design and maintain security controls for web apps
  • Engineer and tune WAF policies
  • Implement rate limiting and bot mitigation
  • Collaborate with application teams

Technical Overview

The technical scope includes managing enterprise-scale Web Application Firewalls, DDoS protections, API security, scripting automation, and collaborating with SaaS providers in a hybrid cloud setup.

Ideal Candidate

The ideal candidate is a senior security engineer with 5+ years of experience in web application security, specializing in WAF management, DDoS mitigation, and incident response. They possess strong scripting skills and experience working with SaaS security solutions in a hybrid environment.

Must-Have Skills

5+ years of Information Security Engineering experience2+ years in-depth knowledge of HTTP-based web applications5+ years implementing WAF signatures or virtual patches5+ years hands-on with enterprise scale Web Application Firewalls2+ years scripting/automation (e.g.BashAnsiblePowerShellPython)

Nice-to-Have Skills

experience with SaaS providersexperience with DNSexperience with network conceptsexperience with incident response

Tools & Platforms

WAFSaaS providersDNSEdge providers

Required Skills

Web Application FirewallWAFLayer7 DDoSAPI securityrate limitingbot managementincident responsesecurity controlssignaturesvirtual patchesSaaSDNSnetwork conceptsfirewallsscriptingPythonBashAnsiblePowerShelltroubleshootingtelemetry analysissecurity policiesthreat modelingAgileScrumKanban

Hard Skills

Web Application FirewallWAFLayer7 DDoSAPI securityrate limitingbot managementincident responsesecurity controlssignaturesvirtual patchesSaaSDNSnetwork conceptsfirewallsscriptingPythonBashAnsiblePowerShellTroubleshootingTelemetry analysisSecurity policiesThreat modelingAgile methodologiesScrumKanban

Soft Skills

leadershipcollaborationcommunicationproblem-solvingcustomer-facingsecurity consulting

Industry & Role

Industry Financial Services / Banking
Job Function Lead web application security engineering and incident response
Role Subtype Cybersecurity Engineer
Tech Domains Active Directory, Microsoft 365, Azure, Amazon Web Services, Kubernetes

Keywords for Your Resume

Information Security EngineerWeb Application FirewallWAFLayer7 DDoSAPI securityrate limitingbot managementincident responsesecurity controlssignaturesvirtual patchesSaaSDNSfirewallsnetwork conceptsscriptingPythonBashAnsiblePowerShellTroubleshootingTelemetry analysisSecurity policiesThreat modelingAgile methodologiesScrumKanban

Deal Breakers

Less than 5 years of security engineering experience, No experience with WAF or DDoS mitigation, Lack of scripting or automation skills, No experience in hybrid or enterprise environments

Apply for this Position →

Get matched to jobs like this

Luna finds roles that fit your skills and career goals — no endless scrolling required.

Create a Free Profile