Security Engineer III Logging & SIEM

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

F5 is a multi‑cloud application services and security company committed to bringing a better digital world to life. F5 partners with the world’s largest, most advanced organizations to optimize and secure every app and API anywhere, including on‑premises, in the cloud, or at the edge. F5 enables organizations to provide exceptional, secure digital experiences for their customers and continuously stay ahead of threats. For more information, visit https://www.f5.com

The F5 Global Cyber Defense and Intelligence team within the Office of the CISO is seeking hard‑working and versatile Security Logging Engineers who will focus on updating, maintaining, and creating data pipelines fundamental to security services at F5. You will play a key role in protecting F5 and translating residual risk from critical application deployment into our logging and event platform to ensure data is flowing smoothly and consistently. Success in this role requires individuals to possess a blend of profound technical expertise, extensive knowledge in security, and substantial experience with logging. You’ll be working with teams around the world in this position, so flexibility and excellent communication is key to excel in this role.

• Be part of the architectural direction, administration, maintenance, documentation, and oversight of the event logger and Security information and event management (SIEM) solution
• Analyze threat models and work with partner teams to ingest logging into the security event monitoring tool.
• Create and maintain integrations and solutions for the log collection, aggregation, indexing, search, and alerting
• Manage implementation, enhancement and adoption of the solutions built by the team into operations
• Utilize log ingestion platform for security analytics and identification of tactics, techniques and patterns of attackers
• Collect and review security logs from all systems (Cloud Providers, GitLab, OS, G‑Suite, OKTA, IDS, etc.) to ensure they can be used by the detection engineering team
• Ensure compliance with internal policies, standards, and regulatory requirements
• Contribute to creation of security operation runbooks, threat hunting run books

• Requires at least 6+ years of relevant industry experience preferably in SIEM
• Experience with large scale log aggregation/SIEM systems like SumoLogic, Splunk, Exabeam, LogRhythm, etc.
• Good written and verbal communication skills
• Experience working in site‑reliability engineering, cloud security, system engineering, or similar positions
• Demonstrated experience with running systems at scale
• Proficiency to communicate over a text‑based medium (Slack, GitLab Issues, Email) and can succinctly document technical details
• A Computer Science or Engineering degree is preferred, but not required
• Automation: Proficiency in scripting language such as Python or Bash.
• Experience with log identifications and analysis within GCP, AWS, Azure, or other cloud provider.

• Experience analysing and interpreting large volumes of data to identify potential threats and security incidents
• Nice to have: Experience implementing Data Engineering patterns with Spark, Databricks, pandas, or SQL
• Nice to have: An understanding of attacker exploit and evasion techniques
• Nice to have competency in BigQuery, Athena, or any cloud provider query language.
• Nice to have familiarity with regex
• SANS (GCFR, GMON, or other related certifications)

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all inclusive, and responsibilities and requirements are subject to change.

Note: F5 only contacts candidates through F5 email address (ending with @f5.com) or via automatic email notification from Workday (ending with f5.com or @myworkday.com).

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Request an accommodation by contacting accommodations@f5.com.