Platform Security Engineer

At F5 we strive to bring a better digital world to life. Our teams empower organizations across the globe to create secure and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity from protecting consumers from fraud to enabling companies to focus on innovation.

Everything we do centers around people. That means we obsess over how to make the lives of our customers and their customers better. And it means we prioritize a diverse F5 community where each individual can thrive.

About the F5 Platform Security Team:

The team provides services and support to F5 development teams in all phases of the Secure Development Lifecycle including Secure code review Pen-testing Threat modeling and analysis best development practices training security testing and certifications vulnerability response and management.

Position Summary:

This position is responsible for internal red-team penetration testing of F5s BIG-IP product lines utilizing open-source commercial and home-grown tools. Consults with development teams on findings remediation options and automation of PoCs. Manages assigned projects independently and in conjunction with Global F5 Pen-Testing Team.

Responsibilities:

• Hands-on penetration testing of F5 products
• Perform code and configuration security reviews in critical parts of the products
• Participating in threat modelling of new product features
• Manual identification and exploitation of security vulnerabilities.
• Detailed analysis of issues identified including proof of concept reproduction steps and recommended remediation.
• Building custom instrumentation and tools to assist security assessment
• Presenting findings and working closely with architectural and development teams to ensure products developed in line with our security standards
• Assisting and mentoring with internal secure development education program

Qualifications:

• At least 5 years of expertise in hands-on Pen-Testing and security assessment.
• Proficient in reading code written in C C JAVA (Golang and as well is an advantage)
• Strong experience with assessment of containerized environments (docker k8 Rest API) is a must.
• Experience with manual and automatic testing tools
• Low-level understanding of security principles theories and attacks.
• Strong understanding and background in Linux OS mechanisms networking and protocols.
• Experience in the pen testing of Web based Linux based
• Experience in developing tools in Python.

Desired Qualifications (Advantage)

• Shown experience with static code analysis and fuzzing tools
• Experience with traffic processing products assessment (Router Load Balancer DNS FW WAF)
• Bachelors degree in Computer Science or a closely related field with 7 years of experience
• Knowledge of common pen test tools such as Kali Linux Metasploit Burp Suite Wireshark Qualys Network Mapper (NMAP) Nessus and others
• Industry certifications such as CEH OSCP OSCE OSWE GPEN GCIH GWAPT or GXPN
• Thorough understandingof Secure SDLC DevSecOps and Security standards such as OWASP CWE NIST OSSTMM etc.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However the description may not be all-inclusive and responsibilities and requirements are subject to change.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However the description may not be all-inclusive and responsibilities and requirements are subject to change.

Please note that F5 only contacts candidates through F5 email address (ending with @) or auto email notification from Workday (ending with or @).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race religion color national origin sex sexual orientation gender identity or expression age sensory physical or mental disability marital status veteran or military status genetic information or any other classification protected by applicable local state or federal laws. This policy applies to all aspects of employment including but not limited to hiring job assignment compensation promotion benefits training discipline and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting .