Principal Engineer – Secure Code Development

Company: F5
Company: F5
Location: Bangalore (Non-SEZ)
Commitment: Full time
Posted on: 2026-04-12 05:21
At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.  Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.Principal Engineer – Secure Code DevelopmentF5 BIG-IP Platform Security TeamRole OverviewDrive secure coding practices across the F5 BIG-IP platform by conducting code reviews, identifying security vulnerabilities, and collaborating with development teams to integrate security throughout the software development lifecycle.Key ResponsibilitiesSecure Code Review & AnalysisConduct comprehensive security code reviews to identify vulnerabilities and weaknesses in BIG-IP product codePerform manual and automated code analysis using static (SAST) and dynamic (DAST) analysis toolsReview code for compliance with secure coding standards (OWASP, CWE/SANS Top 25, CERT)Analyze security implications of design decisions in application delivery, traffic management, and security modulesCollaborate with BIG-IP development teams to integrate security best practices into the SDLCDevelop and maintain security coding guidelines, standards, and checklists tailored for F5 productsDefine security requirements and controls for system designs, APIs, and authentication/authorization mechanismsChampion secure-by-design principles across engineering teamsMentor junior engineers on security best practices and code review techniquesAnalyze vulnerability reports, CVEs, and security advisories to assess impact and recommend fixesTrack security findings through resolution using Bugzilla or similar tracking systemsStay current with latest security threats, attack vectors, and defensive technologies relevant to application delivery and network securityEvaluate and recommend new security tools and methodologies to improve code security postureLeverage AI-powered security tools for enhanced vulnerability detection and code analysisRequired QualificationsExperience12+ years of hands-on experience in secure code review and secure software developmentProven track record identifying and remediating security vulnerabilities in production codeExperience integrating security into agile software development processesTechnical SkillsProgramming Languages: Python, Java, C/C++ (proficiency required)Secure Coding: Deep understanding of secure coding principles, OWASP Top 10, CWE/SANS Top 25Static Analysis Tools: SonarQube, Checkmarx, Fortify, Coverity, SemgrepDynamic Analysis Tools: Burp Suite, OWASP ZAP, AcunetixCode Review Methodologies: Manual code review, peer review, automated scanning integrationSource Code Management: Git, GitHub, GitLab, BitbucketSDLC Integration: CI/CD security gates, GitHub Actions, JenkinsCore CompetenciesStrong analytical and problem-solving skills with attention to detailExcellent written and verbal communication skills for technical and non-technical audiencesAbility to articulate security risks and recommended mitigations to development teamsCollaborative mindset with ability to influence engineering culturePreferred QualificationsFamiliarity with F5 BIG-IP architecture, TMOS, iRules/iApps developmentUnderstanding of application delivery, load balancing, SSL/TLS processing, and WAF functionalityExperience with network protocols and security features (HTTP/S, DNS, IPsec, authentication)Knowledge of cryptographic implementations and common pitfallsExperience with API security, authentication/authorization frameworks (OAuth, SAML, JWT)Understanding of product security concepts: Secure Boot, FIPS compliance, code signingFamiliarity with threat modelling methodologies (STRIDE, PASTA, OCTAVE)Experience with container security and Kubernetes for BIG-IP containerized deploymentsKnowledge of scripting for security automation (Bash, PowerShell)Familiarity with vulnerability assessment and penetration testing techniquesAI Security Skills: Experience using AI-powered code analysis tools or LLM-assisted security reviewsCertificationsGIAC Secure Software Programmer (GSSP)Certified Secure Software Lifecycle Professional (CSSLP)CEH (Certified Ethical Hacker)OSCP (Offensive Security Certified Professional)EducationBachelor's degree in Computer Science, Information Security, Software Engineering, or related fieldThe Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).Equal Employment OpportunityIt is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination.  F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.
View Original Job Posting