Cyber Defense Engineer

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. 
 

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

Cyber Defense Engineer
 

In this opportunity, you will collaborate with other exceptionally hard-working engineers and analysts in a constantly expanding fast-paced environment. 

You will have a strong passion for cyber security and its best standards. This will be conveyed through analysis, communications, and organization wide collaboration. 

Since we are a global team, it will require strong communications with team members between the different time zones. You will need to action real time security events with little guidance. The candidate for this position is expected to grow into an SME (Subject Matter Expert) in a related job function and be able to train other team members. 

What will you do? 

·       Act as a primary responder for security events and incidents, coordinating with internal and external stakeholders to ensure thorough analysis and response.

·       Facilitate communications with stakeholders which may include End Users, Leadership, and Legal. 

·       Document actions taken in knowledge base articles, ticketing systems, and casework as required. 

·       Provide continuous improvements to Security Processes and Runbooks. 

·       Perform Threat Model Assessments and Third-Party Security Assessments. 

·       Lead Tabletop Exercises.  

·       Leverage cross-functional relationships with key stakeholders to understand business needs, define problems and ensure incident response tactics align with business objectives and priorities. 

·       Present key findings and recommendations to senior management to support decision-making. 

·       Perform Insider Threat analysis and use Data Loss Prevention (DLP) tools and practices.

·       Contribute to the creation and tuning of new detections. 

·       Provide training and mentorship to team members, sharing knowledge and best practices.

·       Follow F5 information security policies and protect information assets from unauthorized access, disclosure, modification, destruction or interference 

·       Know the latest security trends, news, CVEs. 

·       Performs other related duties as assigned.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change. 

Knowledge, Skills, and Abilities 

·       Comfortable leading security investigations through the Incident Response lifecycle

·       Familiarity with MITRE ATT&CK framework (i.e. Cloud Matrix) 

·       Basic understanding of networking concepts 

·       Experience with SIEM solution and correlating different log sources

·       Solid understanding of UNIX/Linux operating systems and commands 

·       Solid understanding of cloud security logging best practices in any cloud service provider (i.e. AWS, Azure, GCP)

·       Ability to perform forensics on cloud resources (i.e. EC2)

·       Solid attention to detail 

·       Highly motivated, independently driven, and good interpersonal skills 

·       Must take initiative and provide updates to various team members and upper management 

·       Experience in security event triage as it relates to any cloud service provider (i.e. AWS, Azure, GCP)

·       Comfortable leading security investigations through the Incident Response lifecycle

·       Ability to produce clear and concise incident response reports

·       Strong analytical and critical-thinking skills

Additional experience a plus: 

·       Scripting language: Python, Bash 

·       CEH, GCIH, GCFR certification (other SANS training) 

·       Linux Host forensics 

·       Forensics in Containerization software (Kubernetes, Docker, Containers)

·       DLP (Data Loss Prevention) rule configurations and analysis (example: Microsoft Purview)

Qualifications 

·       5+ years' experience in the security field. Must have prior Security Engineering experience supporting Incident Response or Security Operations. 

·       Ability to excel in a fast paced, challenging, operations environment. 

·       Must be able to communicate technical and operational details fluently in English (written and oral). Other languages are a plus.

Physical Demands and Work Environment 

Duties are performed while sitting at a desk or computer table. Duties require the ability to utilize a computer, communicate over the telephone and read printed material. Working in an environment where work hours are scheduled shifts but your position is a full time position. This role may be required to work outside of core business hours including early morning, late evening, overnight, weekends, and holidays. 

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination.  F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.