At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.
Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.
Why do you want to join our team?
Life at F5 is never dull. We are constantly identifying industry trends and disruptions, then innovating to get ahead of future customer needs-creating application services that help the world’s leading organizations deliver their critical business apps faster and with the highest levels of flexibility, security, performance, and support.
But our success isn’t driven solely by what we do. We also care deeply about how we do it. At F5, our culture is how we live, every single day. And it’s producing extraordinary results-not only for our customers, but also for our employees. We understand that your life is about more than just work, so we’re committed to a culture that supports your whole life.
Come work at a place where innovation and partnership come together to build and support the most exciting missions in the world! You get the adventure and independence of working at a start-up without any of the financial risks because you are supported by a growing Fortune 1000 technology company.
Position Summary
The Lead Offensive Security Engineer will work closely with Project Managers, InfoSec leadership, customers, and partners to lead engagements, assessing the security and compliance of both the F5 enterprise and F5 products against regulatory and industry requirements and standards, as well as security best practice frameworks.
The Lead Offensive Security Engineer will be a technical leader with broad and deep technical skills, meeting the objectives of their engagements, collaborating with internal customers, mentoring teammates, and providing subject matter expertise across one or more technical domains. You will perform in a highly visible opportunity to impact both the Information Security and Product teams. Ultimately this role supports the F5 product and enterprise security teams in making well-informed, risk-based decisions to improve overall security posture.
What you'll do
•Work independently and collaboratively with a team to both lead and support.
•Hands on application and hardware penetration testing of F5 products.
•Hands on network and application testing of the F5 enterprise security posture.
•Work to maintain a custom testing toolkit to assist in red and purple team activity.
•Ensure quality reports, test plans, and other deliverables are efficient and on time.
•Provide recommendations for technical security or compliance risks.
•Manage team priorities in collaboration with a program manager.
•Operate with integrity. Always.
•You will strengthen existing partnerships and build new ones with key organizations to deliver benefits to us and our customers.
•Work with InfoSec leadership to continue to grow this program within F5
What you'll bring
•Excellent verbal and written communication skills, including technical writing of assessment reports, presentations, and operating procedures.
•Application penetration testing and assessment tradecraft and methodologies (including browser-based, API, and thick client)
•Cloud Service penetration testing tradecraft and methodologies across multiple service providers (e.g. AWS, GCP, etc.).
•Network/host-based penetration testing tradecraft and methodologies
•Background in Linux networking and protocols
•An interest in leadership both through practice maturation and by mentoring junior teammates.
•Strong understanding of security principles, policies, and industry best practices.
•Minimum of 8 years’ experience in Application Security and/or Hardware Security
•Red/purple team operations experience.
Bonus Points
•Experience with building custom tools to assist security assessments.
•At least 3 years experience with security code review
•Proficient in C, C++, Java, Go, and/or NodeJS; Strong working knowledge of at least two programming or scripting languages
•Experience with assessment of containerized environments (Docker, Kubernetes)
•Experience with static code analysis tooling
•Experience with traffic processing products assessment
•Mobile device and application penetration testing on both iOS and Android platforms.
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).
Equal Employment Opportunity
It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.