Principal Engineer - PlatSec Development jobs in United States
cer-icon
Apply on Employer Site
company-logo

F5 · 5 days ago

Principal Engineer - PlatSec Development

positionSeattle
timeFull-time
remoteHybrid
seniorityLead/Staff
money$186K/yr - $280K/yr
date12+ years exp

F5 is a company that empowers organizations to create, secure, and run applications. They are seeking a Principal Engineer for their BIG-IP Product Security Team to drive secure coding practices by conducting code reviews, identifying security vulnerabilities, and collaborating with development teams to integrate security throughout the software development lifecycle.

Consumer ElectronicsSaaSSecurityVirtualization
check
H1B Sponsor Likelynote

Responsibilities

Conduct comprehensive security code reviews to identify vulnerabilities and weaknesses in BIG-IP product code
Perform manual and automated code analysis using static (SAST) and dynamic (DAST) analysis tools
Review code for compliance with secure coding standards (OWASP, CWE/SANS Top 25, CERT)
Analyze security implications of design decisions in application delivery, traffic management, and security modules
Collaborate with BIG-IP development teams to integrate security best practices into the SDLC
Develop and maintain security coding guidelines, standards, and checklists tailored for F5 products
Define security requirements and controls for system designs, APIs, and authentication/authorization mechanisms
Champion secure-by-design principles across engineering teams
Mentor junior engineers on security best practices and code review techniques
Analyze vulnerability reports, CVEs, and security advisories to assess impact and recommend fixes
Track security findings through resolution using Bugzilla or similar tracking systems
Stay current with latest security threats, attack vectors, and defensive technologies relevant to application delivery and network security
Evaluate and recommend new security tools and methodologies to improve code security posture
Leverage AI-powered security tools for enhanced vulnerability detection and code analysis

Qualification

Secure CodingProgramming LanguagesStatic Analysis ToolsDynamic Analysis ToolsSDLC IntegrationCode Review MethodologiesSource Code ManagementAI Security SkillsAnalytical SkillsF5 BIG-IP FamiliarityNetwork Protocols KnowledgeAPI Security KnowledgeCryptographic KnowledgeContainer Security KnowledgeVulnerability Assessment KnowledgeCommunication SkillsCollaborative MindsetMentoringProblem-Solving Skills

Required

12+ years of hands-on experience in secure code review and secure software development
Proven track record identifying and remediating security vulnerabilities in production code
Experience integrating security into agile software development processes
Programming Languages: Python, Java, C/C++ (proficiency required)
Secure Coding: Deep understanding of secure coding principles, OWASP Top 10, CWE/SANS Top 25
Static Analysis Tools: SonarQube, Checkmarx, Fortify, Coverity, Semgrep
Dynamic Analysis Tools: Burp Suite, OWASP ZAP, Acunetix
Code Review Methodologies: Manual code review, peer review, automated scanning integration
Source Code Management: Git, GitHub, GitLab, Bitbucket
SDLC Integration: CI/CD security gates, GitHub Actions, Jenkins
Strong analytical and problem-solving skills with attention to detail
Excellent written and verbal communication skills for technical and non-technical audiences
Ability to articulate security risks and recommended mitigations to development teams
Collaborative mindset with ability to influence engineering culture

Preferred

Familiarity with F5 BIG-IP architecture, TMOS, iRules/iApps development
Understanding of application delivery, load balancing, SSL/TLS processing, and WAF functionality
Experience with network protocols and security features (HTTP/S, DNS, IPsec, authentication)
Knowledge of cryptographic implementations and common pitfalls
Experience with API security, authentication/authorization frameworks (OAuth, SAML, JWT)
Understanding of product security concepts: Secure Boot, FIPS compliance, code signing
Familiarity with threat modelling methodologies (STRIDE, PASTA, OCTAVE)
Experience with container security and Kubernetes for BIG-IP containerized deployments
Knowledge of scripting for security automation (Bash, PowerShell)
Familiarity with vulnerability assessment and penetration testing techniques
AI Security Skills: Experience using AI-powered code analysis tools or LLM-assisted security reviews
GIAC Secure Software Programmer (GSSP)
Certified Secure Software Lifecycle Professional (CSSLP)
CEH (Certified Ethical Hacker)
OSCP (Offensive Security Certified Professional)
Bachelor's degree in Computer Science, Information Security, Software Engineering, or related field
Equivalent practical experience in secure software development will be considered

Benefits

Incentive compensation
Bonus
Restricted stock units
Benefits

Company

F5

twittertwittertwitter
Glassdoor3.9
company-logo
F5 is a multi-cloud application services and security company that specializes in application security, performance, and delivery.
dateFounded in 1996
location
Seattle, Washington, USA
people-size5001-10000 employees
web-link
https://www.f5.com

H1B Sponsorship

F5 has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (155)
2024 (110)
2023 (211)
2022 (194)

Funding

Current Stage
Public Company
Total Funding
unknown
Key Investors
Elliott Management Corp.
2020-11-08Post Ipo Equity
1999-06-04IPO
1998-09-24Series Unknown

Leadership Team

leader-logo
François Locoh-Donou
President and CEO
linkedin
leader-logo
Mohan Veloo
Chief Technology Officer - Asia Pacific, China & Japan
linkedin

Recent News

Business Wire
F5 Accelerates AI Security With Integrated Runtime Protection for Enterprise AI at Scale
2026-01-16
Business Wire
F5 NGINXaaS for Google Cloud Advances Cloud-Native Application Delivery and Security
2026-01-15
GlobeNewswire
Portnoy Law Firm Announces Class Action on Behalf of F5, Inc. Investors
2025-12-24
Company data provided by crunchbase