Cybersecurity Counsel

San Jose, CA - USA

Monthly Salary: $ 245600 - 368400

Posted on: 6 hours ago

Vacancies: 1 Vacancy

Job Summary

At F5 we strive to bring a better digital world to life. Our teams empower organizations across the globe to create secure and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity from protecting consumers from fraud to enabling companies to focus on innovation.

Everything we do centers around people. That means we obsess over how to make the lives of our customers and their customers better. And it means we prioritize a diverse F5 community where each individual can thrive.

Cybersecurity& Information SecurityCounsel Role

Join F5 as aCybersecurity& Information SecurityCounselto shape our security posture guide incident preparedness and response and embed practical businessforward security requirements into product platform and gotomarket motions.

WhatYoullDo

Lead & operationalize incident responseand data breachlegal workstreams:Advise on IR readiness privilege protocols and crisis decisioning; run legal materiality assessments and contribute to required disclosures (including support for SEC Form 8K cyber incident filings) coordinating closely with the CISO and the Corporate IR Team under established playbooks.

Own security terms in commercialnegotiations:Draft and negotiate securityand data protectionschedulessupport customerand vendorsecurity reviews RFPs and audit requestsincidentnotification clauses vulnerability remediation commitments secure development and testing language and sharedresponsibility delineations; align with internal control owners and the F5 Trust Center materials.

Guide security compliance strategy:Interpret and operationalize frameworks and obligations (e.g. SOC 2 ISO/IEC 27001 FedRAMP NIST SP 80053/CSF DORA) with Product Security Compliance and GTM teams; help design controls and evidence plans that withstand customer andregulatorscrutiny.

Advise on global cyber regulations:Track and translate evolving laws and guidance (e.g. NIS2 DORA EU Cyber Resilience Act sectoral breach rules governmentcontracting security) into actionable requirements for product and cloud services partnering with stakeholders to land scalable processes.

Strengthen customer trust artifacts:Partner with Security Product and CustomerFacing teams on Trust Center content and security questionnaires to clearly articulate F5 and customer control boundaries and audit posture.

Enable securebydesign delivery:Counsel onNISTSSDF practices thirdparty risk SBOM posture pentesting and coordinated vulnerability disclosure data segregation and identity/access controls across multicloud and hybrid deployments.

Drive crossfunctional alignment:Work handinhand withthe Office of General Counselcolleagues (Business Product Commercial Privacy/Compliance IP) and security leaders to embed pragmatic riskbased guidance into roadmaps and contractsensuring security frameworks map cleanly to customer commitments.

Continuously improve programs:Develop playbooks templates and training; run postincident retrospectives; and streamline processes to increase speed clarity and defensibility.

Minimum Qualifications & WhatYoullBring

JD LLB or equivalent degree.

Admitted to the bar and in good standing or otherwise authorized to practice law in WA and/orCA .

6 yearsof experience in cybersecurity and regulatory complianceat a law firm and/or inhouse.

Strong understanding of global cyber and data protection regulations.

Ability to engage deeply with engineering and security leaders.

Handson counselingexperiencein incident response cloud and platform security and security compliance (e.g. SOC 2 ISO 27001 FedRAMP NIST SP 80053/CSF).

Exceptional communication skillsable to translate technical concepts into clear actionable legal guidance for a range of business partners.

Ability tooperatecalmly in crisis situations andmanage and prioritize multiple projects in a dynamic environment fostering collaboration and driving results.

Preferred Qualifications

8 years legal experience including inhouse counseling for technology or cloud/SaaS providers.

Familiarity withpopular cloud platforms andmulticloud architectures.

Knowledge of network and application security technologies (e.g. WAF DDoS mitigation load balancing botdetectionand API security).

Experience aligning programs to global frameworks and sectoral rules (SOC 2 ISO 27001/27701 PCI DSS FedRAMP NIST SP 80053/CSF) and supporting regulator or customer audits.

Success negotiating complex enterprise security terms at scale and partnering with customers security procurement and legal teams on risk allocation.

#LI-RGB1

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However the description may not be all-inclusive and responsibilities and requirements are subject to change.

The annual base pay for this position is: $245600.00 - $368400.00

F5 maintains broad salary ranges for its roles in order to account for variations in knowledge skills experience geographic locations and market conditions as well as to reflect F5s differing products industries and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.

You may also be offered incentive compensation bonus restricted stock units and benefits. More details about F5s benefits can be found at the following link: F5 reserves the right to change or terminate any benefit plan without notice.

Please note that F5 only contacts candidates through F5 email address (ending with @) or auto email notification from Workday (ending with or @).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race religion color national origin sex sexual orientation gender identity or expression age sensory physical or mental disability marital status veteran or military status genetic information or any other classification protected by applicable local state or federal laws. This policy applies to all aspects of employment including but not limited to hiring job assignment compensation promotion benefits training discipline and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting .

Cybersecurity& Information SecurityCounsel Role

WhatYoullDo

Lead & operationalize incident responseand data breachlegal workstreams:Advise on IR readiness privilege protocols and crisis decisioning; run legal materiality assessments and contribute to required disclosures (including support for SEC Form 8K cyber incident filings) coordinating closely with the CISO and the Corporate IR Team under established playbooks.

Own security terms in commercialnegotiations:Draft and negotiate securityand data protectionschedulessupport customerand vendorsecurity reviews RFPs and audit requestsincidentnotification clauses vulnerability remediation commitments secure development and testing language and sharedresponsibility delineations; align with internal control owners and the F5 Trust Center materials.

Guide security compliance strategy:Interpret and operationalize frameworks and obligations (e.g. SOC 2 ISO/IEC 27001 FedRAMP NIST SP 80053/CSF DORA) with Product Security Compliance and GTM teams; help design controls and evidence plans that withstand customer andregulatorscrutiny.

Advise on global cyber regulations:Track and translate evolving laws and guidance (e.g. NIS2 DORA EU Cyber Resilience Act sectoral breach rules governmentcontracting security) into actionable requirements for product and cloud services partnering with stakeholders to land scalable processes.

Strengthen customer trust artifacts:Partner with Security Product and CustomerFacing teams on Trust Center content and security questionnaires to clearly articulate F5 and customer control boundaries and audit posture.

Enable securebydesign delivery:Counsel onNISTSSDF practices thirdparty risk SBOM posture pentesting and coordinated vulnerability disclosure data segregation and identity/access controls across multicloud and hybrid deployments.

Drive crossfunctional alignment:Work handinhand withthe Office of General Counselcolleagues (Business Product Commercial Privacy/Compliance IP) and security leaders to embed pragmatic riskbased guidance into roadmaps and contractsensuring security frameworks map cleanly to customer commitments.

Continuously improve programs:Develop playbooks templates and training; run postincident retrospectives; and streamline processes to increase speed clarity and defensibility.

Minimum Qualifications & WhatYoullBring

JD LLB or equivalent degree.

Admitted to the bar and in good standing or otherwise authorized to practice law in WA and/orCA .

6 yearsof experience in cybersecurity and regulatory complianceat a law firm and/or inhouse.

Strong understanding of global cyber and data protection regulations.

Ability to engage deeply with engineering and security leaders.

Handson counselingexperiencein incident response cloud and platform security and security compliance (e.g. SOC 2 ISO 27001 FedRAMP NIST SP 80053/CSF).

Exceptional communication skillsable to translate technical concepts into clear actionable legal guidance for a range of business partners.

Ability tooperatecalmly in crisis situations andmanage and prioritize multiple projects in a dynamic environment fostering collaboration and driving results.

Preferred Qualifications

8 years legal experience including inhouse counseling for technology or cloud/SaaS providers.

Familiarity withpopular cloud platforms andmulticloud architectures.

Knowledge of network and application security technologies (e.g. WAF DDoS mitigation load balancing botdetectionand API security).

Experience aligning programs to global frameworks and sectoral rules (SOC 2 ISO 27001/27701 PCI DSS FedRAMP NIST SP 80053/CSF) and supporting regulator or customer audits.