Principal Engineer - PlatSec Development

About The Position

Requirements

• 12+ years of hands-on experience in secure code review and secure software development
• Proven track record identifying and remediating security vulnerabilities in production code
• Experience integrating security into agile software development processes
• Programming Languages: Python, Java, C/C++ (proficiency required)
• Secure Coding: Deep understanding of secure coding principles, OWASP Top 10, CWE/SANS Top 25
• Static Analysis Tools: SonarQube, Checkmarx, Fortify, Coverity, Semgrep
• Dynamic Analysis Tools: Burp Suite, OWASP ZAP, Acunetix
• Code Review Methodologies: Manual code review, peer review, automated scanning integration
• Source Code Management: Git, GitHub, GitLab, Bitbucket
• SDLC Integration: CI/CD security gates, GitHub Actions, Jenkins
• Strong analytical and problem-solving skills with attention to detail
• Excellent written and verbal communication skills for technical and non-technical audiences
• Ability to articulate security risks and recommended mitigations to development teams
• Collaborative mindset with ability to influence engineering culture

Nice To Haves

• Familiarity with F5 BIG-IP architecture, TMOS, iRules/iApps development
• Understanding of application delivery, load balancing, SSL/TLS processing, and WAF functionality
• Experience with network protocols and security features (HTTP/S, DNS, IPsec, authentication)
• Knowledge of cryptographic implementations and common pitfalls
• Experience with API security, authentication/authorization frameworks (OAuth, SAML, JWT)
• Understanding of product security concepts: Secure Boot, FIPS compliance, code signing
• Familiarity with threat modelling methodologies (STRIDE, PASTA, OCTAVE)
• Experience with container security and Kubernetes for BIG-IP containerized deployments
• Knowledge of scripting for security automation (Bash, PowerShell)
• Familiarity with vulnerability assessment and penetration testing techniques
• AI Security Skills: Experience using AI-powered code analysis tools or LLM-assisted security reviews
• GIAC Secure Software Programmer (GSSP)
• Certified Secure Software Lifecycle Professional (CSSLP)
• CEH (Certified Ethical Hacker)
• OSCP (Offensive Security Certified Professional)

Responsibilities

• Conduct comprehensive security code reviews to identify vulnerabilities and weaknesses in BIG-IP product code
• Perform manual and automated code analysis using static (SAST) and dynamic (DAST) analysis tools
• Review code for compliance with secure coding standards (OWASP, CWE/SANS Top 25, CERT)
• Analyze security implications of design decisions in application delivery, traffic management, and security modules
• Collaborate with BIG-IP development teams to integrate security best practices into the SDLC
• Develop and maintain security coding guidelines, standards, and checklists tailored for F5 products
• Define security requirements and controls for system designs, APIs, and authentication/authorization mechanisms
• Champion secure-by-design principles across engineering teams
• Mentor junior engineers on security best practices and code review techniques
• Analyze vulnerability reports, CVEs, and security advisories to assess impact and recommend fixes
• Track security findings through resolution using Bugzilla or similar tracking systems
• Stay current with latest security threats, attack vectors, and defensive technologies relevant to application delivery and network security
• Evaluate and recommend new security tools and methodologies to improve code security posture
• Leverage AI-powered security tools for enhanced vulnerability detection and code analysis

Benefits

• You may also be offered incentive compensation, bonus, restricted stock units, and benefits.
• More details about F5’s benefits can be found at the following link: https://www.f5.com/company/careers/benefits.
• F5 reserves the right to change or terminate any benefit plan without notice.