F5 Networks
Overview
At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.
About the position F5 is looking for a hands-on Sr. Security Engineer with experience owning vulnerability management and code security programs. F5’s Edge 2.0 platform provides a global, scalable, and secure way to deploy applications. In this position, you will be responsible for vulnerability management of open-source components in the software components that make up the platform. You will also be responsible for code security and handle static and multifaceted code scanning and write policies and procedures around the lifecycle of the code and associated vulnerabilities.
Responsibilities
Collaborate with software architects, security defenders, Operations, SRE, compliance specialists, and business leaders to understand the components of the platform and their requirements around vulnerability management, static and dynamic code analysis depending on the component’s structure and place in the platform.
Write and maintain policies and procedures around vulnerability management and code analysis following industry methodologies and compliance directives.
Integrate with scanning tools and provide mentorship to the developers around integration, how to read the findings, and how to improve the output.
Work with architects of underlying frameworks to minimize the number of reported vulnerabilities when there is significant code reuse.
Collaborate with the DevOps team to introduce tooling to increase clarity and better quantify vulnerability remediation.
Work with engineering teams to incorporate the best standards from vulnerability management and code analysis into the SDLC.
Introduce dynamic code analysis tools safely in collaboration with other team members.
Participate in Incident Response when appropriate.
Minimum qualifications
US Citizenship
BS degree in Computer Science or equivalent with 7+ years of secure software development experience
Good understanding of Docker container building process
Experience with vulnerability management systems like Snyk, Whitesource, Trivy, Dependency-check, Nancy, etc.
Experience with SAST tools like Coverity, FindSecBugs, Fortify, Veracode, etc.
Familiarity with microservices architecture, Docker and Kubernetes
Good understanding of complexities and security challenges in large-scale distributed systems
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
The annual base pay for this position is: $166,625.00 - $249,937.00
F5 maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, geographic locations, and market conditions, as well as to reflect F5’s differing products, industries, and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.
You may also be offered incentive compensation, bonus, restricted stock units, and benefits. More details about F5’s benefits can be found at the following link: https://www.f5.com/company/careers/benefits. F5 reserves the right to change or terminate any benefit plan without notice.
Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).
Equal Employment Opportunity It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.
#J-18808-Ljbffr
About the position F5 is looking for a hands-on Sr. Security Engineer with experience owning vulnerability management and code security programs. F5’s Edge 2.0 platform provides a global, scalable, and secure way to deploy applications. In this position, you will be responsible for vulnerability management of open-source components in the software components that make up the platform. You will also be responsible for code security and handle static and multifaceted code scanning and write policies and procedures around the lifecycle of the code and associated vulnerabilities.
Responsibilities
Collaborate with software architects, security defenders, Operations, SRE, compliance specialists, and business leaders to understand the components of the platform and their requirements around vulnerability management, static and dynamic code analysis depending on the component’s structure and place in the platform.
Write and maintain policies and procedures around vulnerability management and code analysis following industry methodologies and compliance directives.
Integrate with scanning tools and provide mentorship to the developers around integration, how to read the findings, and how to improve the output.
Work with architects of underlying frameworks to minimize the number of reported vulnerabilities when there is significant code reuse.
Collaborate with the DevOps team to introduce tooling to increase clarity and better quantify vulnerability remediation.
Work with engineering teams to incorporate the best standards from vulnerability management and code analysis into the SDLC.
Introduce dynamic code analysis tools safely in collaboration with other team members.
Participate in Incident Response when appropriate.
Minimum qualifications
US Citizenship
BS degree in Computer Science or equivalent with 7+ years of secure software development experience
Good understanding of Docker container building process
Experience with vulnerability management systems like Snyk, Whitesource, Trivy, Dependency-check, Nancy, etc.
Experience with SAST tools like Coverity, FindSecBugs, Fortify, Veracode, etc.
Familiarity with microservices architecture, Docker and Kubernetes
Good understanding of complexities and security challenges in large-scale distributed systems
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
The annual base pay for this position is: $166,625.00 - $249,937.00
F5 maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, geographic locations, and market conditions, as well as to reflect F5’s differing products, industries, and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.
You may also be offered incentive compensation, bonus, restricted stock units, and benefits. More details about F5’s benefits can be found at the following link: https://www.f5.com/company/careers/benefits. F5 reserves the right to change or terminate any benefit plan without notice.
Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).
Equal Employment Opportunity It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.
#J-18808-Ljbffr