F5
Senior Architect For Application Security
At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive. F5 is seeking a Senior Architect for Application Security to lead technical strategy and architecture across its entire security portfolio, including WAF, WAAP, DDoS mitigation, Bot Defense, API Security, TLS inspection, and identity-aware access. This role drives the evolution of F5's security services across SaaS, hardware, and cloud-native platforms, ensuring they are integrated, scalable, and secure-by-design. As a senior technical leader, you will unify architectural direction, modernize legacy systems, and represent F5's security vision in both internal strategy and external engagements. You will: Define the cross-portfolio application security architecture strategy, covering hardware, software, and cloud-native solutions, and align it to F5's long-term business and technology vision. Establish architectural principles, patterns, and roadmaps that guide how WAF, WAAP, API security, DDoS, identity, client-side protection, and related capabilities are designed, integrated, and delivered. Lead architectural modernization efforts to evolve monolithic or appliance-based capabilities into composable, API-driven services within a SaaS-native security control plane. Influence the security posture and innovation roadmap across F5 Distributed Cloud Services, BIG-IP, NGINX, and future platform initiatives. Champion architectural governance and threat modeling across teams to ensure scalability, observability, resiliency, and secure-by-default practices are institutionalized. Drive cross-functional alignment across product, engineering, SRE, and infrastructure teams to ensure seamless and secure user experiences across hybrid, multicloud, and edge deployments. Mentor a community of senior architects and engineers, raising the bar for application security talent across the company. Represent F5's technical vision in customer briefings, industry forums, regulatory discussions, and analyst engagements, serving as a technical ambassador for application security innovation. Job Duties and Responsibilities: Design and validate architecture for WAAP services, distributed DDoS protection layers, advanced bot mitigation pipelines, client fingerprinting, fraud prevention engines, and access-aware enforcement controls. Develop and evangelize reusable security frameworks and patterns across the product portfolio. Collaborate with detection teams and data scientists to integrate machine learning, heuristics, and behavior analysis engines into runtime defense systems. Define telemetry, feedback loops, and attack modeling infrastructure to continuously improve detection fidelity and response agility. Work across organizational boundaries to ensure integration of security across the portfolio. Guide compliance, privacy, and regulatory alignment by ensuring architecture supports evolving standards such as FIPS, FedRAMP, NIST CSF, ISO 27001, GDPR, and OWASP. Drive architectural reviews, design validations, and threat models to ensure operational, security, and scalability concerns are addressed early. Planning, tracking, and scheduling software deliverables. Skills and Qualifications: 12+ years of experience in software and security architecture roles, with at least 5 years focused specifically on application-layer security. Proven track record architecting complex security systems in domains such as WAAP, API security, DDoS mitigation, bot protection, and malware detection. Deep understanding of L7 protocols (HTTP/2, HTTP/3, WebSockets, gRPC) and application security standards (OWASP Top 10, NIST, MITRE ATT&CK). Strong technical understanding of TLS, certificate management, identity and access protocols (OAuth2, OIDC, SAML), and secure session management. Familiarity with zero trust architectures, policy-as-code, multi-tenant SaaS designs, and runtime enforcement in container-based platforms (Kubernetes, Istio, Envoy). Demonstrated ability to set architectural strategy across product boundaries and influence senior engineering and product leadership. Experience designing and implementing distributed cloud solutions at scale. Understanding of containers and orchestration technologies. Broad understanding of coding and programming languages. Extensive knowledge of the software development process and corresponding technologies. Excellent understanding of design patterns and architectural styles. Proficient knowledge of the operation and development designs of agile software. Strong soft skills, including attention to detail, problem-solving and communication skills. The job description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive. F5 is seeking a Senior Architect for Application Security to lead technical strategy and architecture across its entire security portfolio, including WAF, WAAP, DDoS mitigation, Bot Defense, API Security, TLS inspection, and identity-aware access. This role drives the evolution of F5's security services across SaaS, hardware, and cloud-native platforms, ensuring they are integrated, scalable, and secure-by-design. As a senior technical leader, you will unify architectural direction, modernize legacy systems, and represent F5's security vision in both internal strategy and external engagements. You will: Define the cross-portfolio application security architecture strategy, covering hardware, software, and cloud-native solutions, and align it to F5's long-term business and technology vision. Establish architectural principles, patterns, and roadmaps that guide how WAF, WAAP, API security, DDoS, identity, client-side protection, and related capabilities are designed, integrated, and delivered. Lead architectural modernization efforts to evolve monolithic or appliance-based capabilities into composable, API-driven services within a SaaS-native security control plane. Influence the security posture and innovation roadmap across F5 Distributed Cloud Services, BIG-IP, NGINX, and future platform initiatives. Champion architectural governance and threat modeling across teams to ensure scalability, observability, resiliency, and secure-by-default practices are institutionalized. Drive cross-functional alignment across product, engineering, SRE, and infrastructure teams to ensure seamless and secure user experiences across hybrid, multicloud, and edge deployments. Mentor a community of senior architects and engineers, raising the bar for application security talent across the company. Represent F5's technical vision in customer briefings, industry forums, regulatory discussions, and analyst engagements, serving as a technical ambassador for application security innovation. Job Duties and Responsibilities: Design and validate architecture for WAAP services, distributed DDoS protection layers, advanced bot mitigation pipelines, client fingerprinting, fraud prevention engines, and access-aware enforcement controls. Develop and evangelize reusable security frameworks and patterns across the product portfolio. Collaborate with detection teams and data scientists to integrate machine learning, heuristics, and behavior analysis engines into runtime defense systems. Define telemetry, feedback loops, and attack modeling infrastructure to continuously improve detection fidelity and response agility. Work across organizational boundaries to ensure integration of security across the portfolio. Guide compliance, privacy, and regulatory alignment by ensuring architecture supports evolving standards such as FIPS, FedRAMP, NIST CSF, ISO 27001, GDPR, and OWASP. Drive architectural reviews, design validations, and threat models to ensure operational, security, and scalability concerns are addressed early. Planning, tracking, and scheduling software deliverables. Skills and Qualifications: 12+ years of experience in software and security architecture roles, with at least 5 years focused specifically on application-layer security. Proven track record architecting complex security systems in domains such as WAAP, API security, DDoS mitigation, bot protection, and malware detection. Deep understanding of L7 protocols (HTTP/2, HTTP/3, WebSockets, gRPC) and application security standards (OWASP Top 10, NIST, MITRE ATT&CK). Strong technical understanding of TLS, certificate management, identity and access protocols (OAuth2, OIDC, SAML), and secure session management. Familiarity with zero trust architectures, policy-as-code, multi-tenant SaaS designs, and runtime enforcement in container-based platforms (Kubernetes, Istio, Envoy). Demonstrated ability to set architectural strategy across product boundaries and influence senior engineering and product leadership. Experience designing and implementing distributed cloud solutions at scale. Understanding of containers and orchestration technologies. Broad understanding of coding and programming languages. Extensive knowledge of the software development process and corresponding technologies. Excellent understanding of design patterns and architectural styles. Proficient knowledge of the operation and development designs of agile software. Strong soft skills, including attention to detail, problem-solving and communication skills. The job description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.