דרושים Manager Security Engineering ב-F5 ב-India, Hyderabad

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Security Engineer III- SIEM

The F5 Global Cyber Defense and Intelligence team within the Office of the CISO is seeking hard-working and versatile Security Logging Engineers who will focus on updating, maintaining, and creating data pipelines fundamental to security services at F5. You will play a key role in protecting F5 and translating residual risk from critical application deployment into our logging and event platform to ensure data is flowing smoothly and consistently. Success in this role requires individuals to possess a blend of profound technical expertise, extensive knowledge in security, and substantial experience with logging. You'll be working with teams around the world in this position, so flexibility and excellent communication is key to excel in this role.

Responsibilities:

• Be part of the architectural direction, administration, maintenance, documentation, and oversight of the event logger and Security information and event management (SIEM) solution
• Analyze threat models and work with partner teams to ingest logging into the security event monitoring tool.
• Create and maintain integrations and solutions for the log collection, aggregation, indexing, search, alerting
• Manage implementation, enhancement and adoption of the solutions built by the team into operations
• Utilize log ingestion platform for security analytics and identification of tactics, techniques and patterns of attackers
• Collect and review security logs from all systems (Cloud Providers, GitLab, OS, G-Suite, OKTA, IDS, etc.) to ensure they can be used by the detection engineering team
• Ensure compliance with internal policies, standards, and regulatory requirements
• Contribute to creation of security operation runbooks, threat hunting run books

Required Skills & Knowledge:

• Requires at least 6+ years of relevant industry experience preferably in SIEM
• Experience with large scale log aggregation/SIEM systems like SumoLogic, Splunk, Exabeam, LogRhythm, etc.
• Good written and verbal communication skills
• Experience working in site-reliability engineering, cloud security, system engineering, or similar positions
• Demonstrated experience with running systems at scale
• Proficiency to communicate over a text-based medium (Slack, GitLab Issues, Email) and can succinctly document technical details
• A Computer Science or Engineering degree is preferred, but not required
• Automation: Proficiency in scripting language such as Python or Bash.
• Experience with log identifications and analysis withing GCP, AWS, Azure, or other cloud provider.

Bonus Points:

• Experience analysing and interpreting large volumes of data to identify potential threats and security incidents
• Nice to have: Experience implementing Data Engineering patterns with Spark, Databricks, pandas, or SQL
• Nice to have: An understanding of attacker exploit and evasion techniques
• Nice to have competency in BigQuery, Athena, or any cloud provider query language.
• Nice to have familiarity with regex
• SANS (GCFR, GMON, or other related certifications )

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

## What You’ll Do

- Bachelor’s degree in Cybersecurity, Computer Science, or related field
- 15+ years of cybersecurity operations experience, including IR, SOC, SIEM, and forensics (8+ preferred or 6+ with advanced degree)
- Proven track record leading security operations teams and managing Incident Response programs
- Industry certifications in Threat Hunting, Incident Response, or Computer Forensics (or equivalent expertise)
- Mastery of security frameworks (NIST, ISO 27001, SOC II, PCI, GDPR)
- Hands-on expertise with SIEM, EDR, IDS/IPS, vulnerability management, and cloud security (AWS, Azure, GCP)
- Strong understanding of the Cyberattack Kill Chain, threat analysis, intelligence, and mitigation strategies
- Exceptional analytical, organizational, and communication skills, with the ability to convey complex concepts to technical and non-technical audiences
- Experience authoring detailed security incident reports and making urgent operational decisions under pressure
- Confident, calm, and focused under pressure, with a high sense of urgency to identify and remediate operational risks
- Budget management and vendor relationship experience to optimize security investments
- Self-driven and adaptable, thriving in a fast-paced, high-growth technology environment

At F5, you’ll join a global leader in application security and delivery. You’ll shape defense strategy at scale, collaborate with passionate experts, and grow through clear career paths, continuous training, and mentorship. We reward your impact with competitive compensation, comprehensive benefits, and perks designed to support your well-being and career growth.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Key Responsibilities:

• Program Management:

  • Strategically plan and deliver programs and initiatives across key security and vulnerability management areas, including implementation of security tools (scanners, CI/CD integrations), tracking and addressing vulnerabilities (e.g., CVEs), and enforcing best practices throughout the software development lifecycle.

  • Own program roadmaps, timelines, deliverables, and reporting, ensuring execution aligns with business goals, security requirements, and resource capacity.

  • Drive key metrics and outcomes for security, tracking improvements in vulnerability remediation, compliance, and overall risk reduction.

• Security SDLC and Vulnerability Management:

  • Partner with engineering and security teams to integrate Security SDLC (Secure Software Development Lifecycle) best practices into the development process, ensuring security is considered and implemented at every stage.

  • Manage programs for vulnerability detection, assessment, and remediation to ensure timely resolution of security risks identified across F5 products and environments.

  • Develop and implement governance processes for tracking and addressing externally reported vulnerabilities, such as Common Vulnerabilities and Exposures (CVEs) , ensuring effective prioritization and swift resolution.

• Cross-Functional Collaboration:

  • Build strong relationships with software engineering, product management, cybersecurity, IT, and operations teams to foster alignment across security-related goals and projects.

  • Act as the central point of coordination for security initiatives, driving progress and ensuring accountability across stakeholders.

  • Facilitate efficient communication between technical and non-technical teams to ensure clarity around priorities, goals, and timelines.

• Risk and Compliance Management:

  • Drive alignment on security requirements, risk tolerance, and compliance needs, partnering with internal and external security auditors where required.

  • Ensure teams are meeting corporate and industry security standards, including regulatory and policy compliance, while achieving development velocity.

  • Proactively identify and manage security risks through effective mitigation planning and ongoing tracking.

• Process Improvement and Tooling:

  • Evaluate current security program practices, tools, and workflows, identifying gaps and opportunities for improvement in efficiency and effectiveness.

  • Lead the implementation of automated tools for static and dynamic code analysis, dependency scanning, and configuration management to identify and address vulnerabilities earlier in the development process.

• Metrics and Reporting:

  • Define, track, and report on KPIs and success metrics for security efforts, including vulnerability remediation rates, defect density reduction, and SLAs for incident response.

  • Provide clear and actionable updates to executive leadership and key stakeholders on the status of security programs, progress, risks, and outcomes.

Qualifications:

• Education:

  • Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or a related technical discipline (Master’s preferred).

• Experience:

  • 8+ years of experience in program management, with at least 3 years focused on security programs, vulnerability management, or security operations (senior level); 10+ years for principal level.

  • Proven experience implementing Security SDLC processes and collaborating with software teams to deliver secure, production-grade solutions.

  • Solid understanding of security domains, particularly vulnerability scanning tools (e.g., Tenable Nessus, Snyk, Qualys), CVE tracking, dependency management, and secure coding practices.

• Technical Expertise:

  • In-depth knowledge of software development methodologies, including Agile and DevSecOps principles.

  • Familiarity with CI/CD pipelines, source code repositories, and tools for static/dynamic application security testing (e.g., SonarQube, Checkmarx, Veracode).

  • Understanding of vulnerability databases (e.g., NVD), common exploitation techniques, and secure design principles.

  • Basic understanding of threat modeling and risk assessment techniques (stronger expertise is a plus).

• Leadership and Collaboration:

  • Experience working in highly cross-functional, multi-team environments, with the ability to motivate, guide, and align diverse stakeholders.

  • Exceptional interpersonal, written, and verbal communication skills, with the ability to convey complex security requirements and issues to non-technical audiences, executives, and engineering teams alike.

  • Demonstrated ability to influence without authority and lead by example.

• Problem Solving and Decision Making:

  • Ability to analyze complex problems, evaluate trade-offs, and make sound decisions in a fast-paced environment.

  • Strong risk management skills, with the ability to balance security needs with engineering velocity and business priorities.

Preferred Qualifications:

• Project management certification (e.g., PMP, PgMP, or PMI-ACP) or security-related certifications (e.g., CISSP, CISM, or CISA).

• Experience with cloud security and platform-oriented vulnerability management tools like Bugzilla or similar.

• Familiarity with emerging cybersecurity trends and zero-day vulnerability exploitation techniques.

• Knowledge of networking and application delivery technologies (F5 experience is a plus!).

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Primary Responsibilities

• Responsible for upholding F5s business code of ethics & for promptly reporting violations of the code or other company policies

• Manages multiple issues and prioritizes based upon customer and business needs, without direction

• Provides F5 customers with a consistently high-quality support experience

• Assist Senior Security Engineer with other tasks as required based upon business operation needs

• Effectively engages supporting escalation personnel, without direction

• Participate in weekend support rotation

Product Vulnerability Response and Management

• Work with the PD Platform Security team to maintain the 3rd Party Module Vulnerability Triage information

• Open Escalation when requested by Platform Security to investigate orphaned Vulnerability bugs

• Participate in the release meetings and triage bugs for release

• Assist ENE owners with ENE006 SRs that are in deadlock or stalled

• Perform threat and vulnerability management, monitoring of CVE and vendor notifications

• Monitor the F5SIRT shared mailbox, identify external researchers and create SRs where necessary to be assigned to Security Engineers

Customer Security Incident Response

• Provide incident handling and drives both attack analysis and mitigation options

• Participate in tier 2 and tier 3 security support

• Follows processes defined in F5’s Quality Management System (QMS)

• Mentoring Security SRs to resolution - Proactively monitors Securty Service Request (SR) with long Time to Resolution (TTR)

• Working with F5 SIRT Specialists to handle ESRP cases

• Maintain incident documentation, participate in post-mortems, and write incident reports.

• Working with SR Security Engineers on post-mortem for ESRP incidents

• Tracking attack trends and threat intelligence from different sources

• Monitors security issues in order to identify and act upon them as they occur – Active Mentoring

• Running workshops to help F5 SIRT Specialists build hands-on experience in a lab environment in order to better prepare for dealing with attacks in the real environment – With Sr. Sec Eng

• Simulating typical customer network environment (in terms of versions, modules, network devices), running different attacks, documenting security incident response plan and exercising it

• Work closely with others to develop incident response plans

Building Security Mindset - Security Evangelism

• Running regional F5 SIRT meetings

• Handling reactive mentor questions on Security from F5 SIRT Specialists and NSEs – Monitor F5 SIRT email

• Creating security presentations for a wide audience

• Engages in on-going training within the security field and with F5 products

• May lead projects and provide guidance/training to less experienced staff and mentoring.

• Evaluate and execute cross-functional security initiatives across the enterprise.

• Work with cross functional Engineering teams to ensure all systems are properly remediated according to our policies and standards.

Bring:

• Minimum of 5 years of related experience in a technical security role such as support, monitoring or consulting (e.g. pen testing) working with relevant technologies

• Appropriate security based qualification; CISSP, GCIH (or demonstrated skills and ability to obtain certification) – more than one certification preferred.

• Strong understanding of industry standards such as CVE, CPE, and CVSS

• Experience with security incident handling processes, procedures and methodologies.

• Technical experience with identifying and mitigating a breadth of attacks such as DDoS, web application, DNS and other network attacks.

• Knowledge with common security vulnerabilities and the ability to judge their severity

• Experience with working security incidents at corporate production environments

• Experience working with network and packet analysis tools

• BA/BS degree or equivalent experience

• Knowledge with Web Application Firewalls, Firewalls and IPS/IDS

• Experience with network vulnerability scanners

• OS hardening and security best practices

• Hands on technical experience with and very knowledgeable on LAN/WAN operations, and/or networking hardware required

• CVE and CERT experience

• Knowledge of security offensive/defensive techniques and methodologies.

• Understanding of security attack/defense methodologies (e.g. DNS, network TCP/IP, SSL and HTTP)

• Intermediate understanding and working knowledge of TCP/IP, SSL, DNS, HTTP and common protocols.

• Knowledge of network and security monitoring tools

• Coding experience – having in addition to Python knowledge in other scripting languages

• Familiarity with load balancers, WAF’s and common network architectures

• Working knowledge of standard UNIX/Linux command line tools

• Ability to generate new training and knowledge sharing content via various delivery method

• Proven track record in a team environment

• Analytical thinker with strong attention to detail

• Must be able to read, write and speak English fluently, including technical concepts and terminology.

• Must be able to relay technical information to customers with varying skill levels

• Ability to create attack Proof of Concepts

• Experience with incident tracking software, Seibel experience a plus
  

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Security Engineer III- SIEM

The F5 Global Cyber Defense and Intelligence team within the Office of the CISO is seeking hard-working and versatile Security Logging Engineers who will focus on updating, maintaining, and creating data pipelines fundamental to security services at F5. You will play a key role in protecting F5 and translating residual risk from critical application deployment into our logging and event platform to ensure data is flowing smoothly and consistently. Success in this role requires individuals to possess a blend of profound technical expertise, extensive knowledge in security, and substantial experience with logging. You'll be working with teams around the world in this position, so flexibility and excellent communication is key to excel in this role.

Responsibilities:

• Be part of the architectural direction, administration, maintenance, documentation, and oversight of the event logger and Security information and event management (SIEM) solution
• Analyze threat models and work with partner teams to ingest logging into the security event monitoring tool.
• Create and maintain integrations and solutions for the log collection, aggregation, indexing, search, alerting
• Manage implementation, enhancement and adoption of the solutions built by the team into operations
• Utilize log ingestion platform for security analytics and identification of tactics, techniques and patterns of attackers
• Collect and review security logs from all systems (Cloud Providers, GitLab, OS, G-Suite, OKTA, IDS, etc.) to ensure they can be used by the detection engineering team
• Ensure compliance with internal policies, standards, and regulatory requirements
• Contribute to creation of security operation runbooks, threat hunting run books

Required Skills & Knowledge:

• Requires at least 6+ years of relevant industry experience preferably in SIEM
• Experience with large scale log aggregation/SIEM systems like SumoLogic, Splunk, Exabeam, LogRhythm, etc.
• Good written and verbal communication skills
• Experience working in site-reliability engineering, cloud security, system engineering, or similar positions
• Demonstrated experience with running systems at scale
• Proficiency to communicate over a text-based medium (Slack, GitLab Issues, Email) and can succinctly document technical details
• A Computer Science or Engineering degree is preferred, but not required
• Automation: Proficiency in scripting language such as Python or Bash.
• Experience with log identifications and analysis withing GCP, AWS, Azure, or other cloud provider.

Bonus Points:

• Experience analysing and interpreting large volumes of data to identify potential threats and security incidents
• Nice to have: Experience implementing Data Engineering patterns with Spark, Databricks, pandas, or SQL
• Nice to have: An understanding of attacker exploit and evasion techniques
• Nice to have competency in BigQuery, Athena, or any cloud provider query language.
• Nice to have familiarity with regex
• SANS (GCFR, GMON, or other related certifications )

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.