Principal Engineer PlatSec Development

At F5 we strive to bring a better digital world to life. Our teams empower organizations across the globe to create secure and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity from protecting consumers from fraud to enabling companies to focus on innovation.

Everything we do centers around people. That means we obsess over how to make the lives of our customers and their customers better. And it means we prioritize a diverse F5 community where each individual can thrive.

Principal Engineer PlatSec Development

F5 BIG-IP Product Security Team

Role Overview

Drive secure coding practices across the F5 BIG-IP platform by conducting code reviews identifying security vulnerabilities and collaborating with development teams to integrate security throughout the software development lifecycle.

Key Responsibilities

Secure Code Review & Analysis

• Conduct comprehensive security code reviews to identify vulnerabilities and weaknesses in BIG-IP product code
• Perform manual and automated code analysis using static (SAST) and dynamic (DAST) analysis tools
• Review code for compliance with secure coding standards (OWASP CWE/SANS Top 25 CERT)
• Analyze security implications of design decisions in application delivery traffic management and security modules

• Collaborate with BIG-IP development teams to integrate security best practices into the SDLC
• Develop and maintain security coding guidelines standards and checklists tailored for F5 products
• Define security requirements and controls for system designs APIs and authentication/authorization mechanisms
• Champion secure-by-design principles across engineering teams

• Mentor junior engineers on security best practices and code review techniques

• Analyze vulnerability reports CVEs and security advisories to assess impact and recommend fixes
• Track security findings through resolution using Bugzilla or similar tracking systems

• Stay current with latest security threats attack vectors and defensive technologies relevant to application delivery and network security
• Evaluate and recommend new security tools and methodologies to improve code security posture
• Leverage AI-powered security tools for enhanced vulnerability detection and code analysis

Required Qualifications

Experience

• 12 yearsof hands-on experience in secure code review and secure software development
• Proven track record identifying and remediating security vulnerabilities in production code
• Experience integrating security into agile software development processes

Technical Skills

• Programming Languages: Python Java C/C (proficiency required)
• Secure Coding: Deep understanding of secure coding principles OWASP Top 10 CWE/SANS Top 25
• Static Analysis Tools: SonarQube Checkmarx Fortify Coverity Semgrep
• Dynamic Analysis Tools: Burp Suite OWASP ZAP Acunetix
• Code Review Methodologies: Manual code review peer review automated scanning integration
• Source Code Management: Git GitHub GitLab Bitbucket
• SDLC Integration: CI/CD security gates GitHub Actions Jenkins

Core Competencies

• Strong analytical and problem-solving skills with attention to detail
• Excellent written and verbal communication skills for technical and non-technical audiences
• Ability to articulate security risks and recommended mitigations to development teams
• Collaborative mindset with ability to influence engineering culture

Preferred Qualifications

• Familiarity with F5 BIG-IP architecture TMOS iRules/iApps development
• Understanding of application delivery load balancing SSL/TLS processing and WAF functionality
• Experience with network protocols and security features (HTTP/S DNS IPsec authentication)

• Knowledge of cryptographic implementations and common pitfalls
• Experience with API security authentication/authorization frameworks (OAuth SAML JWT)
• Understanding of product security concepts: Secure Boot FIPS compliance code signing
• Familiarity with threat modelling methodologies (STRIDE PASTA OCTAVE)

• Experience with container security and Kubernetes for BIG-IP containerized deployments
• Knowledge of scripting for security automation (Bash PowerShell)
• Familiarity with vulnerability assessment and penetration testing techniques
• AI Security Skills: Experience using AI-powered code analysis tools or LLM-assisted security reviews

Certifications

• GIAC Secure Software Programmer (GSSP)
• Certified Secure Software Lifecycle Professional (CSSLP)
• CEH (Certified Ethical Hacker)
• OSCP (Offensive Security Certified Professional)

Education

• Bachelors degree in Computer Science Information Security Software Engineering or related field
• Equivalent practical experience in secure software development will be considered

#LI-ZB1

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However the description may not be all-inclusive and responsibilities and requirements are subject to change.

F5 maintains broad salary ranges for its roles in order to account for variations in knowledge skills experience geographic locations and market conditions as well as to reflect F5s differing products industries and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.

You may also be offered incentive compensation bonus restricted stock units and benefits. More details about F5s benefits can be found at the following link: F5 reserves the right to change or terminate any benefit plan without notice.

Please note that F5 only contacts candidates through F5 email address (ending with @) or auto email notification from Workday (ending with or @).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race religion color national origin sex sexual orientation gender identity or expression age sensory physical or mental disability marital status veteran or military status genetic information or any other classification protected by applicable local state or federal laws. This policy applies to all aspects of employment including but not limited to hiring job assignment compensation promotion benefits training discipline and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting .