Security Engineer III Logging & SIEM

At F5 we strive to bring a better digital world to life. Our teams empower organizations across the globe to create secure and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity from protecting consumers from fraud to enabling companies to focus on innovation.

Everything we do centers around people. That means we obsess over how to make the lives of our customers and their customers better. And it means we prioritize a diverse F5 community where each individual can thrive.

At F5 we strive to bring a better digital world to life. Our teams empower organizations across the globe to create secure and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity from protecting consumers from fraud to enabling companies to focus on innovation.

Everything we do centers around people. That means we obsess over how to make the lives of our customers and their customers better. And it means we prioritize a diverse F5 community where each individual can thrive.

Security Engineer III- Logging & SIEM

F5 is a multi-cloud application services and security company committed to bringing a better digital world to life. F5 partners with the worlds largest most advanced organizations to optimize and secure every app and API anywhere including on-premises in the cloud or at the edge. F5 enables organizations to provide exceptional secure digital experiences for their customers and continuously stay ahead of threats. For more information visit

Position Summary:

The F5 Global Cyber Defense and Intelligence team within the Office of the CISO is seeking hard-working and versatile Security Logging Engineers who will focus on updating maintaining and creating data pipelines fundamental to security services at F5. You will play a key role in protecting F5 and translating residual risk from critical application deployment into our logging and event platform to ensure data is flowing smoothly and consistently. Success in this role requires individuals to possess a blend of profound technical expertise extensive knowledge in security and substantial experience with logging. Youll be working with teams around the world in this position so flexibility and excellent communication is key to excel in this role.

Responsibilities:

• Be part of the architectural direction administration maintenance documentation and oversight of the event logger and Security information and event management (SIEM) solution
• Analyze threat models and work with partner teams to ingest logging into the security event monitoring tool.
• Create and maintain integrations and solutions for the log collection aggregation indexing search alerting
• Manage implementation enhancement and adoption of the solutions built by the team into operations
• Utilize log ingestion platform for security analytics and identification of tactics techniques and patterns of attackers
• Collect and review security logs from all systems (Cloud Providers GitLab OS G-Suite OKTA IDS etc.) to ensure they can be used by the detection engineering team
• Ensure compliance with internal policies standards and regulatory requirements
• Contribute to creation of security operation runbooks threat hunting run books

Required Skills & Knowledge:

• Requires at least 6 years of relevant industry experience preferably in SIEM
• Experience with large scale log aggregation/SIEM systems like SumoLogic Splunk Exabeam LogRhythm etc.
• Good written and verbal communication skills
• Experience working in site-reliability engineering cloud security system engineering or similar positions
• Demonstrated experience with running systems at scale
• Proficiency to communicate over a text-based medium (Slack GitLab Issues Email) and can succinctly document technical details
• A Computer Science or Engineering degree is preferred but not required
• Automation: Proficiency in scripting language such as Python or Bash.
• Experience with log identifications and analysis withing GCP AWS Azure or other cloud provider.

Bonus Points:

• Experience analysing and interpreting large volumes of data to identify potential threats and security incidents
• Nice to have: Experience implementing Data Engineering patterns with Spark Databricks pandas or SQL
• Nice to have: An understanding of attacker exploit and evasion techniques
• Nice to have competency in BigQuery Athena or any cloud provider query language.
• Nice to have familiarity with regex
• SANS (GCFR GMON or other related certifications )

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However the description may not be all-inclusive and responsibilities and requirements are subject to change.

Please note that F5 only contacts candidates through F5 email address (ending with @) or auto email notification from Workday (ending with or @).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race religion color national origin sex sexual orientation gender identity or expression age sensory physical or mental disability marital status veteran or military status genetic information or any other classification protected by applicable local state or federal laws. This policy applies to all aspects of employment including but not limited to hiring job assignment compensation promotion benefits training discipline and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting .

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However the description may not be all-inclusive and responsibilities and requirements are subject to change.

Please note that F5 only contacts candidates through F5 email address (ending with @) or auto email notification from Workday (ending with or @).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race religion color national origin sex sexual orientation gender identity or expression age sensory physical or mental disability marital status veteran or military status genetic information or any other classification protected by applicable local state or federal laws. This policy applies to all aspects of employment including but not limited to hiring job assignment compensation promotion benefits training discipline and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting .