Security Engineer III

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.  Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.Security Engineer III- SIEMF5 is a multi-cloud application services and security company committed to bringing a better digital world to life. F5 partners with the world’s largest, most advanced organizations to optimize and secure every app and API anywhere, including on-premises, in the cloud, or at the edge. F5 enables organizations to provide exceptional, secure digital experiences for their customers and continuously stay ahead of threats. For more information, visit https://www.f5.comPosition Summary:The F5 Global Cyber Defense and Intelligence team within the Office of the CISO is seeking hard-working and versatile Security Logging Engineers who will focus on updating, maintaining, and creating data pipelines fundamental to security services at F5. You will play a key role in protecting F5 and translating residual risk from critical application deployment into our logging and event platform to ensure data is flowing smoothly and consistently. Success in this role requires individuals to possess a blend of profound technical expertise, extensive knowledge in security, and substantial experience with logging. You'll be working with teams around the world in this position, so flexibility and excellent communication is key to excel in this role.Responsibilities:Be part of the architectural direction, administration, maintenance, documentation, and oversight of the event logger and Security information and event management (SIEM) solutionAnalyze threat models and work with partner teams to ingest logging into the security event monitoring tool.Create and maintain integrations and solutions for the log collection, aggregation, indexing, search, alertingManage implementation, enhancement and adoption of the solutions built by the team into operationsUtilize log ingestion platform for security analytics and identification of tactics, techniques and patterns of attackersCollect and review security logs from all systems (Cloud Providers, GitLab, OS, G-Suite, OKTA, IDS, etc.) to ensure they can be used by the detection engineering teamEnsure compliance with internal policies, standards, and regulatory requirementsContribute to creation of security operation runbooks, threat hunting run booksRequired Skills & Knowledge:Requires at least 6+ years of relevant industry experience preferably in SIEMExperience with large scale log aggregation/SIEM systems like SumoLogic, Splunk, Exabeam, LogRhythm, etc.Good written and verbal communication skillsExperience working in site-reliability engineering, cloud security, system engineering, or similar positionsDemonstrated experience with running systems at scaleProficiency to communicate over a text-based medium (Slack, GitLab Issues, Email) and can succinctly document technical detailsA Computer Science or Engineering degree is preferred, but not requiredAutomation: Proficiency in scripting language such as Python or Bash.Experience with log identifications and analysis withing GCP, AWS, Azure, or other cloud provider.Bonus Points:Experience analysing and interpreting large volumes of data to identify potential threats and security incidentsNice to have: Experience implementing Data Engineering patterns with Spark, Databricks, pandas, or SQLNice to have: An understanding of attacker exploit and evasion techniquesNice to have competency in BigQuery, Athena, or any cloud provider query language.Nice to have familiarity with regexSANS (GCFR, GMON, or other related certifications )The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).Equal Employment OpportunityIt is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination.  F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.