Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Jobs InfoSec Jobs

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Principal Security Engineer - SIRT
Company F5
Location Singapore
Preferred GIAC Certifications GCIH
Travel 20%
Salary Not provided
Contact Name Send a copy of resume to:
Contact Email abessette/at/
Expires 2021-12-08

Job Description

Come join our Security Incident Response Team (F5 SIRT)!

Addressing security issues in our products is the responsibility of this team. We are a dedicated, distributed team that handles the receipt, investigation, and public reporting of security vulnerability information that is related to our products and networks.

You will be proficient in a wide variety of security threats, incident handling methodologies and offensive/defensive attack vectors. You'll use this knowledge to identify and form response mitigation plans for a variety of attacks/threats. The Principal Security Engineer follows incident handling procedures to drive mitigation of security incidents and will be called to perform attack analysis, configuration suggestions, and potential onsite interaction. A Security Engineer can balance multiple active issues of diverse scope simultaneously while maintaining good communication, particularly written communication to our customers, and accepts ownership of issues until a resolution is delivered or a business as usual state is returned, providing high customer satisfaction. When not engaged in incidents, we expect you to prioritize other security related issues, research emerging threats and documents and present the impact on our products and services. You'll have an amazing opportunity to advocate every single day for improving the security of our portfolio of products and services!

We're seeking deep passion for security and a desire to help develop a security approach in others. The role also requires a strong ability to work with incomplete information and to adapt to changing priorities.

What will you do?
Monitor security issues in order to identify and act upon them as they occur - Mentoring
Participate in tier 2 and tier 3 security support
Provide incident handling and drives both attack analysis and mitigation options
Provides F5 customers with high-quality support experience
Lead multiple issues and prioritizes based upon customer and business needs, without direction
Provide our customers with a consistently high-quality support experience
Effectively engages supporting escalation personnel, without direction
Ensure complete and clear incident documentation
Maintain incident documentation, participate in post-mortems, and write incident reports.
Continuous research into emerging threats and mitigation options
Independently develop and deliver security content and training based on research and testing within the security field and with our products to drive security attitude.
Perform general security awareness and specific security technology training
Engages in ongoing training within the security field and with F5 products
Follows processes defined in our Quality Management System (QMS)
Partner closely with others to develop incident response plans
May lead projects and provide guidance/training to less experienced staff, mentoring.
Perform threat and vulnerability management, monitoring of CVE and vendor notifications
Evaluate and execute multi-functional security initiatives across the enterprise.
Partner with multi-functional Engineering teams to ensure all systems are accurately remediated according to our policies and standards.
How do you qualify?
Showcase 15+ years of knowledge and related experience with a demonstrated ability in a technical security role such as support, monitoring or consulting (e.g. pen testing) working with relevant technologies
Strong understanding of industry standards such as CVE, CPE, and CVSS
Sophisticated experience with security incident handling processes, procedures and methodologies.
Sophisticated technical experience with attacks such as DDoS, web application, DNS and other network attacks.
High level of knowledge with common security vulnerabilities and the ability to judge their severity
Experience with working security incidents at corporate production environments and working with network and packet analysis tools
Hold a BA/BS degree or equivalent experience
Knowledge, skills and abilities
Hands on experience with and very knowledgeable on LAN/WAN operations, and/or networking hardware required
Knowledge with Web Application Firewalls, Firewalls and IPS/IDS
Experience with network vulnerability scanners
OS hardening and security standard methodologies
Appropriate security based qualification; CISSP, GCIH (or demonstrated skills and ability to acquire certification) - more than one certification preferred.
CVE and CERT experience
Deep understanding of security offensive/defensive techniques and methodologies.
Sophisticated understanding of security attack/defense methodologies (e.g. DNS, network TCP/IP, SSL and HTTP)
Intermediate understanding and working knowledge of TCP/IP, SSL, DNS, HTTP and common protocols.
Knowledge of network and security monitoring tools
Provide some coding experience - having in addition to Python knowledge in other scripting languages
Familiarity with load balancers, WAF’s and common network architectures
Knowledge of standard UNIX/Linux command line tools
Ability to generate new training and knowledge sharing content via various delivery method
Perform with moderate supervision
Consistent track record in a collaborative environment
Analytical problem solver with strong attention to detail
Communicate effectively while able to fluently read, write and speak English, including technical concepts and terminology.
Relay technical information to customers with varying skill levels
Ability to build attack Proof of Concepts
Experience with incident tracking software such as Siebel would be nice
Physical demands and work environment:
Duties are performed in a normal office environment while sitting at a desk or computer table. Duties require the ability to utilize a computer, communicate over the telephone, and read printed material. Duties may require the ability to travel via automobile or airplane, approximately 20% of the time spent traveling. Some datacenter/lab work as well. Duties may require the ability to lift 50 lbs enabling them to rack our controllers in customer locations or our lab. This role may require work outside of core business hours, including early morning, late evening, overnight, weekends, and/or holidays as needed. There will be a requirement to participate in an on-call rotation

Some travel may be required, a current passport is required

This role may be in one of two locations - Tel Aviv / Singapore.


The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.