Principal Security Engineer - SIRT

RP1021319Singapore Office

Job Description

Come join our Security Incident Response Team (F5 SIRT)!

Addressing security issues in our products is the responsibility of this team. We are a dedicated, distributed team that handles the receipt, investigation, and public reporting of security vulnerability information that is related to our products and networks.

You will be proficient in a wide variety of security threats, incident handling methodologies and offensive/defensive attack vectors. You'll use this knowledge to identify and form response mitigation plans for a variety of attacks/threats. The Principal Security Engineer follows incident handling procedures to drive mitigation of security incidents and will be called to perform attack analysis, configuration suggestions, and potential onsite interaction. A Security Engineer can balance multiple active issues of diverse scope simultaneously while maintaining good communication, particularly written communication to our customers, and accepts ownership of issues until a resolution is delivered or a business as usual state is returned, providing high customer satisfaction. When not engaged in incidents, we expect you to prioritize other security related issues, research emerging threats and documents and present the impact on our products and services. You'll have an amazing opportunity to advocate every single day for improving the security of our portfolio of products and services!

We're seeking deep passion for security and a desire to help develop a security approach in others. The role also requires a strong ability to work with incomplete information and to adapt to changing priorities.

What will you do?

  • Monitor security issues in order to identify and act upon them as they occur - Mentoring
  • Participate in tier 2 and tier 3 security support
  • Provide incident handling and drives both attack analysis and mitigation options

Provides F5 customers with high-quality support experience

  • Lead multiple issues and prioritizes based upon customer and business needs, without direction
  • Provide our customers with a consistently high-quality support experience

Effectively engages supporting escalation personnel, without direction

  • Ensure complete and clear incident documentation
  • Maintain incident documentation, participate in post-mortems, and write incident reports.

Continuous research into emerging threats and mitigation options

  • Independently develop and deliver security content and training based on research and testing within the security field and with our products to drive security attitude.
  • Perform general security awareness and specific security technology training
  • Engages in ongoing training within the security field and with F5 products
  • Follows processes defined in our Quality Management System (QMS)
  • Partner closely with others to develop incident response plans
  • May lead projects and provide guidance/training to less experienced staff, mentoring.
  • Perform threat and vulnerability management, monitoring of CVE and vendor notifications
  • Evaluate and execute multi-functional security initiatives across the enterprise.
  • Partner with multi-functional Engineering teams to ensure all systems are accurately remediated according to our policies and standards.

How do you qualify?

  • Showcase 15+ years of knowledge and related experience with a demonstrated ability in a technical security role such as support, monitoring or consulting (e.g. pen testing) working with relevant technologies
  • Strong understanding of industry standards such as CVE, CPE, and CVSS
  • Sophisticated experience with security incident handling processes, procedures and methodologies.
  • Sophisticated technical experience with attacks such as DDoS, web application, DNS and other network attacks.
  • High level of knowledge with common security vulnerabilities and the ability to judge their severity
  • Experience with working security incidents at corporate production environments and working with network and packet analysis tools
  • Hold a BA/BS degree or equivalent experience

Knowledge, skills and abilities

  • Hands on experience with and very knowledgeable on LAN/WAN operations, and/or networking hardware required
  • Knowledge with Web Application Firewalls, Firewalls and IPS/IDS
  • Experience with network vulnerability scanners
  • OS hardening and security standard methodologies
  • Appropriate security based qualification; CISSP, GCIH (or demonstrated skills and ability to acquire certification) - more than one certification preferred.
  • CVE and CERT experience
  • Deep understanding of security offensive/defensive techniques and methodologies.
  • Sophisticated understanding of security attack/defense methodologies (e.g. DNS, network TCP/IP, SSL and HTTP)
  • Intermediate understanding and working knowledge of TCP/IP, SSL, DNS, HTTP and common protocols.
  • Knowledge of network and security monitoring tools
  • Provide some coding experience - having in addition to Python knowledge in other scripting languages
  • Familiarity with load balancers, WAF’s and common network architectures
  • Knowledge of standard UNIX/Linux command line tools
  • Ability to generate new training and knowledge sharing content via various delivery method
  • Perform with moderate supervision
  • Consistent track record in a collaborative environment
  • Analytical problem solver with strong attention to detail
  • Communicate effectively while able to fluently read, write and speak English, including technical concepts and terminology.
  • Relay technical information to customers with varying skill levels
  • Ability to build attack Proof of Concepts
  • Experience with incident tracking software such as Siebel would be nice

Physical demands and work environment:

Duties are performed in a normal office environment while sitting at a desk or computer table. Duties require the ability to utilize a computer, communicate over the telephone, and read printed material. Duties may require the ability to travel via automobile or airplane, approximately 20% of the time spent traveling. Some datacenter/lab work as well. Duties may require the ability to lift 50 lbs enabling them to rack our controllers in customer locations or our lab. This role may require work outside of core business hours, including early morning, late evening, overnight, weekends, and/or holidays as needed. There will be a requirement to participate in an on-call rotation

Some travel may be required, a current passport is required

This role may be in one of two locations - Tel Aviv / Singapore.


The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Phishing Alert

Please note that F5 only contacts candidates through F5 email address (ending with or auto email notification from Yello/Workday (ending with or

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability,marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws.This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. Reasonable accommodation is available for qualified individuals with disabilities, upon request.