SIRT Security Engineer

Role Overview:

The Security Engineer is a technical security position in the F5 Security Incident Response Team (F5 SIRT). Addressing security issues in F5 products is the responsibility of the F5 Security Incident Response Team (F5 SIRT). The F5 SIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to F5 products and networks.

The Security Engineer is well versed in a breadth of security threats, incident handling methodologies and offensive/defensive attack vectors.

The Security Engineer follows incident handling procedures to drive mitigation of security incidents and will be called to perform attack analysis, configuration suggestions, and potential onsite interaction. A Security Engineer can handle multiple active issues of diverse scope simultaneously while maintaining good communication, particularly written communication to our customers, and accepts ownership of issues until a resolution is delivered or a business as usual state is returned, providing high customer satisfaction.

When not engaged in incidents, an Security Engineer will mentor other security related issues. A good candidate has a deep passion for security and a desire to help develop a security mindset in others. The role also requires a strong ability to work with incomplete information and to adapt to changing priorities.

Sounds interesting? Read on

What Youll Do:

Primary Responsibilities

• Responsible for upholding F5s business code of ethics & for promptly reporting violations of the code or other company policies
• Manages multiple issues and prioritizes based upon customer and business needs, without direction
• Provides F5 customers with a consistently high-quality support experience
• Assist Senior Security Engineer with other tasks as required based upon business operation needs
• Effectively engages supporting escalation personnel, without direction
• Participate in weekend support rotation

Product Vulnerability Response and Management

• Work with the PD Platform Security team to maintain the 3rd Party Module Vulnerability Triage information
• Open Escalation when requested by Platform Security to investigate orphaned Vulnerability bugs
• Participate in the release meetings and triage bugs for release
• Assist ENE owners with ENE006 SRs that are in deadlock or stalled
• Perform threat and vulnerability management, monitoring of CVE and vendor notifications
• Monitor the F5SIRT shared mailbox, identify external researchers and create SRs where necessary to be assigned to Security Engineers

Customer Security Incident Response

• Provide incident handling and drives both attack analysis and mitigation options
• Participate in tier 2 and tier 3 security support
• Follows processes defined in F5s Quality Management System (QMS)
• Mentoring Security SRs to resolution - Proactively monitors Securty Service Request (SR) with long Time to Resolution (TTR)
• Working with F5 SIRT Specialists to handle ESRP cases
• Maintain incident documentation, participate in post-mortems, and write incident reports.
• Working with SR Security Engineers on post-mortem for ESRP incidents
• Tracking attack trends and threat intelligence from different sources
• Monitors security issues in order to identify and act upon them as they occur Active Mentoring
• Running workshops to help F5 SIRT Specialists build hands-on experience in a lab environment in order to better prepare for dealing with attacks in the real environment With Sr. Sec Eng
• Simulating typical customer network environment (in terms of versions, modules, network devices), running different attacks, documenting security incident response plan and exercising it
• Work closely with others to develop incident response plans

Building Security Mindset - Security Evangelism

• Running regional F5 SIRT meetings
• Handling reactive mentor questions on Security from F5 SIRT Specialists and NSEs Monitor F5 SIRT email
• Creating security presentations for a wide audience
• Engages in on-going training within the security field and with F5 products
• May lead projects and provide guidance/training to less experienced staff and mentoring.
• Evaluate and execute cross-functional security initiatives across the enterprise.
• Work with cross functional Engineering teams to ensure all systems are properly remediated according to our policies and standards.

What Youll Bring:

• Minimum of 5 years of related experience in a technical security role such as support, monitoring or consulting (e.g. pen testing) working with relevant technologies
• Appropriate security based qualification; CISSP, GCIH (or demonstrated skills and ability to obtain certification) more than one certification preferred.
• Strong understanding of industry standards such as CVE, CPE, and CVSS
• Experience with security incident handling processes, procedures and methodologies.
• Technical experience with identifying and mitigating a breadth of attacks such as DDoS, web application, DNS and other network attacks.
• Knowledge with common security vulnerabilities and the ability to judge their severity
• Experience with working security incidents at corporate production environments
• Experience working with network and packet analysis tools
• BA/BS degree or equivalent experience
• Knowledge with Web Application Firewalls, Firewalls and IPS/IDS
• Experience with network vulnerability scanners
• OS hardening and security best practices
• Hands on technical experience with andvery knowledgeable on LAN/WAN operations, and/or networking hardware required
• CVE and CERT experience
• Knowledge of security offensive/defensive techniques and methodologies.
• Understanding of security attack/defense methodologies (e.g. DNS, network TCP/IP, SSL and HTTP)
• Intermediate understanding and working knowledge of TCP/IP, SSL, DNS, HTTP and common protocols.
• Knowledge of network and security monitoring tools
• Coding experience having in addition to Python knowledge in other scripting languages
• Familiarity with load balancers, WAFs and common network architectures
• Working knowledge of standard UNIX/Linux command line tools
• Ability to generate new training and knowledge sharing content via various delivery method
• Proven track record in a team environment
• Analytical thinker with strong attention to detail
• Must be able to read, write and speak English fluently, including technical concepts and terminology.
• Must be able to relay technical information to customers with varying skill levels
• Ability to create attack Proof of Concepts
• Experience with incident tracking software, Seibel experience a plus

What Youll Get:

• Hybrid working mode
• Career growth and development opportunities
• Recognitions and Rewards
• Employee Assistance Program
• Competitive pay, , and cool perks
• Dynamic Interest Groups