Principal Engineer, Software

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. 
 

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

About the F5 Platform Security Team

The Platform Security team is responsible for the ensuring the products F5 builds are a secure as we can make them. We provide services and support to F5 development teams in all phases of the Secure Development Lifecycle – from design time security and threat analysis, to best development practices training, to security testing and certifications, to vulnerability response and management.

Position Summary

This position is responsible for Security Software development Lifecycle (SDLC) and implementation of complete software components related to the security certifications features of the BIG-IP. Performs Security Design reviews and Threat Model Assessments for complex security products and components. Requires little direct management to complete the majority of tasks.

Primary Responsibilities

• Research, design and support the implementation of platform security solutions for the organization.

• Articulate Security Analysis findings and provide remediation strategies as well as Security Threat Modelling.

• Develop processes, architecture, and tools for securing the products.

• Document security standards, solutions, data flows, procedures, and other technical information as directed.

• Provides expert technical advice to technical staff within the appropriate technical discipline.

• Operate independently determine and develop approach to security solutions under limited direction.

• Evaluate and apply mature technologies to meet current or emerging business needs.

• Performs other related duties as assigned.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job.  However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Knowledge, Skills, and Abilities

• Graduate/Masters in computer science with a minimum of 10+ years of software development experience in C/C++ is a plus

• Experienced in DevSecOps, Secure design & development and application security

• Strong Knowledge on security standards such as OWASP, WASC, SANS etc.

• Experience with system Vulnerability assessment, Network Penetration Testing, Threat modelling, DDOS mitigation.

• Very good Hands-On Experience in at-least one of the automated web application vulnerability scanners like AppScan, Webinspect, Accunetix, Burpsuite Pro etc.

• Very good Hands-On Experience in at-least one of the Penetration Testing tools like - Aircrack-ng, Wireshark, Nmap, Metasploit etc

• Strong knowledge on Static Code Analyzers like Fortify, Sonarqube, Checkmarx etc.

• Have detailed Knowledge of common Web application attack vectors such as SQL injection, CSRF, XSS, Session Management issues, Direct Object reference, Click-jacking, Buffer-overflows, etc

• Experience developing and delivering Security Trainings, Tech Talks and Presentations to the Developers and Security Champions is a plus

Qualifications

• Typically requires a minimum of 10+ years of related experience with a Bachelor’s degree; or 8 years and a Master’s degree; or a PhD without experience; or equivalent work experience.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination.  F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.