About the Role
Wells Fargo is seeking a Lead Information Security Engineer for our Inbound Web Application Security (iWAS) team that safeguards the public edge for enterprise web assets (including wellsfargo.com) against sophisticated Layer‑7 (application-layer) attacks. The team leverages a modern, hybrid control plane spanning SaaS providers to protect critical web applications. You will design and operate Layer‑7 DDoS protections, implement and tune WAF policies and signatures, apply bot management/mitigation, and enforce API security and rate limiting to preserve availability, integrity, and performance.
This role is hands-on and customer‑facing with partner application teams. You’ll work to provide security for apps, with a particular emphasis on minimizing false positives/negatives, applying virtual patches, and accelerating onboarding/offboarding for protected applications.
What You’ll Do
- Lead incident response for moderately complex events affecting public web applications, with emphasis on Layer‑7 attack detection, triage, containment, and recovery.
- Provide security consulting to internal application stakeholders, ensuring conformance with enterprise security policies and standards.
- Design, document, test, and maintain security controls for web applications at the edge.
- Engineer, deploy, and tune WAF policies/signatures (e.g., cross‑site scripting, injection, protocol anomalies), bot detection/mitigation, API protection (rate limiting, schema/behavior enforcement), and Layer‑7 DDoS defenses.
- Implement and refine rate limiting for web and API endpoints to ensure resiliency, performance, and abuse prevention.
- Review and correlate security logs and telemetry across edge providers and on‑prem platforms; distinguish real attacks from false positives.
- Apply industry best practices in availability, integrity, confidentiality, risk management, threat modeling, monitoring, incident response, access management, and business continuity.
- Collaborate across security engineering, networking, application owners, and operations to resolve issues and achieve shared goals.
- Support application onboarding/offboarding to the SaaS providers, using knowledge of DNS, WAF, L7 DDoS, bot policies, and GLB/routing considerations.
Required Qualifications
- 5+ years of Information Security Engineering experience, or equivalent (work experience, training, military, education)
- 2+ years in-depth knowledge and troubleshooting of HTTP-based web applications
- 5+ years implementing WAF signatures or virtual patches
- 5+ years hands-on with enterprise-scale Web Application Firewalls
- 2+ years intermediate to advanced scripting/automation (e.g., Bash, Ansible playbook/role development, PowerShell, Python)
- 2+ years advanced understanding of network concepts (DNS, firewalls, load balancing)
- 1+ year change and incident management in medium/large enterprise environments
- 1+ year with Agile methodologies (Scrum or Kanban)
- 1+ year basic understanding of TLS, certificates, and mTLS authentication
Desired Qualifications
- Strong verbal, written, and interpersonal communication skills
- Deep WAF concepts knowledge and hands‑on policy engineering
- Demonstrated experience tuning false positives/false negatives, including custom rules and exceptions
- Practical knowledge of data and perimeter security (firewalls, IDS/IPS) and network protocols
- Understanding of network security architectures and standards development
- Familiarity with web security signatures, web firewall policy design, and global load balancing strategies
- Experience with bot mitigation strategies and API security (e.g., endpoint discovery, authentication/authorization patterns, schema validation, rate limiting)
- Experience with application onboarding/offboarding to edge/WAF protection stacks
- Exposure to Information Security frameworks/standards (FFIEC, NIST, ISO)
- Hands‑on SaaS/web application security configuration at scale
- Experience protecting large consumer web properties (e.g., high‑traffic, high‑visibility domains)
- Applied protections against cross‑site scripting, injection, and common OWASP Top 10 issues
- Comfort explaining OSI stack layers, especially the difference between network‑layer DDoS (L3/L4) and application‑layer DDoS (L7)
Job Expectations
- Hybrid work schedule
- Relocation assistance: Not available
- Visa sponsorship: Not available for this role
Locations:
- 1525 W. WT Harris Blvd, Charlotte, NC
- 401 Las Colinas Blvd, Irving, TX
- 2600 S. Price Road, Chandler, AZ