F5 SIRT Sr. Security Engineer

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. 
 

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

POSITION SUMMARY: 

The Senior Security Engineer is a technical security position in the F5 Security Incident Response Team (F5 SIRT). Addressing security issues in F5 products is the responsibility of the F5 Security Incident Response Team (F5 SIRT). The F5 SIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to F5 products and networks.

The Senior Security Engineer position provides expert security technical leadership for F5 SIRT. This position requires complete Security Knowledge and an expert with regards to security threats, incident handling methodologies and offensive/defensive attack vectors. A Senior Security Engineer follows incident handling procedures to drive mitigation of security incidents and will be called to perform expert attack analysis, configuration suggestions, and potential onsite interaction. A Senior Security Engineer can handle multiple active issues of diverse scope simultaneously while maintaining good communication, particularly written communication to our customers, and accepts ownership of issues until a resolution is delivered or a business as usual state is returned, providing high customer satisfaction. When not engaged in incidents, a Senior Security Engineer will mentor other security related issues, researches emerging threats and both documents and presents their impact on F5 products and services. Advocates every single day for improving the security of F5 products and services.

A good candidate has a deep passion for security and a desire to help develop a security mindset in others. The role also requires a strong ability to work with incomplete information and to adapt to changing priorities.

PRIMARY RESPONSIBILITIES:

• Responsible for upholding F5s business code of ethics & for promptly reporting violations of the code or other company policies
• Monitors security issues in order to identify and act upon them as they occur
• Participate in tier 2 and tier 3 security support
• Provide expert incident handling and drives both attack analysis and mitigation options
• Provides F5 customers with high-quality support experience
• Manages multiple issues and prioritizes based upon customer and business needs, without direction
• Effectively engages supporting escalation personnel, without direction
• Ensure complete and clear incident documentation
• Maintain incident documentation, participate in post-mortems, and write incident reports.
• Continuous research into emerging threats and mitigation options
• Independently develops and deliver security content and training based on research and testing within the security field and with F5 products to drive security mindset.
• Perform general security awareness and specific security technology training
• Engages in on-going training within the security field and with F5 products
• Follows processes defined in F5’s Quality Management System (QMS)
• Work closely with others to develop incident response plans
• Identify the gaps between the security incident response process and customers' needs, optimize/improve the workflow/process
• Act as the technical lead, identify the knowledge/technical skill gaps in the team, develop a training plan for the team, mentor/train other members of the team
• Identify trends and/or common knowledge gaps and ensure they are documented via the KCS Solve Loop
• Ensure that security related knowledge is documented within KCS and represent Security within the KCS Evolve Loop, for example RCA feedback into product design & documentation
• May lead projects and provide guidance/training to less experienced staff, mentoring.
• Perform expert threat and vulnerability management, monitoring of CVE and vendor notifications
• Evaluate and execute cross-functional security initiatives across the enterprise.
• Work with cross functional Engineering teams to ensure all systems are properly remediated according to our policies and standards.
• Lead steering committee(s) to analyze vulnerabilities and their impact to assess risk ratings
• Provide strategic security analytics metrics and reports.
• Provide security-related metrics for all levels including executive-level dashboards to demonstrate process effectiveness and remediation across the enterprise
• Effectively communicate and document risks related to the vulnerability environment and appropriate levels of urgency to management and engineering staff
• Represent Information Security on organizational project teams and ensure adherence to existing security policies and standards.
• Work closely with Incident Response and Risk Management teams and leverage corporate tools to provide supporting documentation for remediation prioritization and emergency security coverage.
• Ability to think with a security mindset. The successful candidate has a strong IT background with in depth knowledge of several key security practice areas: application security; network security, infrastructure security.

QUALIFICATIONS:

• Minimum of 15 years experience in a technical security role such as support, monitoring or consulting (e.g. pen testing) working with relevant technologies
• Information security subject matter expert
• Expert understanding of industry standards such as CVE, CPE, and CVSS
• Strong understanding of security frameworks and NIST standards
• Appropriate security based qualification; CISSP, GCIH (or demonstrated skills and ability to obtain certification) – more than one certification preferred.
• Public cloud certifications (or demonstrated skills and ability to obtain certification)
• Expert experience with security incident handling processes, procedures and methodologies.
• Expert technical experience with identifying and mitigating a breadth of attacks such as DDoS, web application, DNS and other network attacks.
• Expert knowledge with common security vulnerabilities and the ability to judge their severity
• Expert experience with working security incidents at corporate production environments
• Experience working with network and packet analysis tools
• BA/BS degree or equivalent experience
• Expert knowledge with Web Application Firewalls, Firewalls and IPS/IDS
• Expert experience with network vulnerability scanners
• Expert OS hardening and security best practices
• Knowledge of common Malware types and infection vectors

KNOWLEDGE, SKILLS AND ABILITIES

• Hands on technical experience with and very knowledgeable on LAN/WAN operations, and/or networking hardware required
• CVE and CERT experience
• Expert knowledge of security offensive/defensive techniques and methodologies.
• Expert understanding of security attack/defense methodologies (e.g. DNS, network TCP/IP, SSL and HTTP)
• Intermediate understanding and working knowledge of TCP/IP, SSL, DNS, HTTP and common protocols.
• Coding experience – having, in addition to Python, knowledge in other scripting languages
• Understanding of the underlying mechanisms for security vulnerabilities at a code and assembly level, e.g. buffer overflows, input sanitisation
• Knowledge of network and security monitoring tools
• Familiarity with load balancers, WAF’s and common network architectures
• Working knowledge of standard UNIX/Linux command line tools
• Hands-on technical experience with public clouds (e.g. AWS, Azure or GCP), and container-based deployments and orchestration tools (e.g. Kubernetes, Docker, Terraform and Ansible)
• Knowledge of microservice architecture, modern application architecture and API security
• Ability to generate new training and knowledge sharing content via various delivery method 
• Able to work with moderate supervision
• Proven track record in a team environment
• Analytical thinker with strong attention to detail
• Must be able to read, write and speak English fluently, including technical concepts and terminology.
• Must be able to relay technical information to customers with varying skill levels
• Ability to create attack Proof of Concepts
• Experience with incident tracking software, Seibel experience a plus

PHYSICAL DEMANDS AND WORK ENVIRONMENT:

Duties are performed in a normal office environment while sitting at a desk or computer table. Duties require the ability to utilize a computer, communicate over the telephone, and read printed material. Duties may require the ability to travel via automobile or airplane, approximately 20% of the time spent traveling. Some datacenter/lab work as well. Duties may require the ability to lift 50 lbs enabling them to rack our controllers in customer locations or our lab. This role may require work outside of core business hours, including early morning, late evening, overnight, weekends, and/or holidays as needed. There will be a requirement to participate in an on-call rotation

Some travel may be required, a current passport is required

This role is regional – Americas, EMEA and APJ.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination.  F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.