Platform Security Engineer at F5

What you'd actually do

Hands-on penetration testing of F5 products

Perform code and configuration security reviews in critical parts of the products

Participating in threat modelling of new product features

Manual identification and exploitation of security vulnerabilities.

Detailed analysis of issues identified, including proof of concept, reproduction steps, and recommended remediation.

Skills

Required

Pen-Testing
security assessment
reading code in C, C++, JAVA
assessment of containerized environments (docker, k8, Rest API)
manual and automatic testing tools
security principles, theories, and attacks
Linux OS mechanisms, networking, and protocols
pen testing of Web based, Linux based
developing tools in Python

Nice to have

Golang
node.js
static code analysis
fuzzing tools
traffic processing products assessment (Router, Load Balancer, DNS, FW, WAF)
Bachelor’s degree in Computer Science or a closely related field with 7+ years of experience
common pen test tools (Kali Linux, Metasploit, Burp Suite, Wireshark, Qualys, NMAP, Nessus)
Industry certifications (CEH, OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN)
Secure SDLC
DevSecOps
Security standards (OWASP, CWE, NIST, OSSTMM)

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

About the F5 Platform Security Team:

The team provides services and support to F5 development teams in all phases of the Secure Development Lifecycle – including Secure code review, Pen-testing, Threat modeling and analysis, best development practices training, security testing and certifications, vulnerability response, and management.

Position Summary:

This position is responsible for internal red-team penetration testing of F5’s BIG-IP product lines utilizing open-source, commercial, and home-grown tools. Consults with development teams on findings, remediation options, and automation of PoCs. Manages assigned projects independently and in conjunction with Global F5 Pen-Testing Team.

Responsibilities:

Hands-on penetration testing of F5 products
Perform code and configuration security reviews in critical parts of the products
Participating in threat modelling of new product features
Manual identification and exploitation of security vulnerabilities.
Detailed analysis of issues identified, including proof of concept, reproduction steps, and recommended remediation.
Building custom instrumentation and tools to assist security assessment
Presenting findings and working closely with architectural and development teams to ensure products developed in line with our security standards
Assisting and mentoring with internal secure development education program

Qualifications:

At least 5 years of expertise in hands-on Pen-Testing and security assessment.
Proficient in reading code written in C, C++, JAVA (Golang and node.js as well is an advantage)
Strong experience with assessment of containerized environments (docker, k8, Rest API) is a must.
Experience with manual and automatic testing tools
Low-level understanding of security principles, theories, and attacks.
Strong understanding and background in Linux OS mechanisms, networking, and protocols.
Experience in the pen testing of Web based, Linux based,
Experience in developing tools in Python.

Desired Qualifications (Advantage)

Shown experience with static code analysis and fuzzing tools
Experience with traffic processing products assessment (Router, Load Balancer, DNS, FW, WAF)
Bachelor’s degree in Computer Science or a closely related field with 7+ years of experience
Knowledge of common pen test tools, such as Kali Linux, Metasploit, Burp Suite, Wireshark, Qualys, Network Mapper (NMAP), Nessus and others
Industry certifications such as CEH, OSCP, OSCE, OSWE, GPEN, GCIH, GWAPT, or GXPN
Thorough understanding of Secure SDLC, DevSecOps and Security standards such as OWASP, CWE, NIST, OSSTMM etc.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or** @myworkday.com)****.**

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.