Principal Engineer - PlatSec Development jobs in United States

F5 · 5 days ago

Principal Engineer - PlatSec Development

F5 is dedicated to creating a better digital world, focusing on cybersecurity to enhance application security. The Principal Engineer in PlatSec Development will drive secure coding practices, conduct code reviews, and collaborate with development teams to integrate security throughout the software development lifecycle.

Consumer Electronics · SaaS · Security · Virtualization
H1B Sponsor Likely

Responsibilities

Conduct comprehensive security code reviews to identify vulnerabilities and weaknesses in BIG-IP product code
Perform manual and automated code analysis using static (SAST) and dynamic (DAST) analysis tools
Review code for compliance with secure coding standards (OWASP, CWE/SANS Top 25, CERT)
Analyze security implications of design decisions in application delivery, traffic management, and security modules
Collaborate with BIG-IP development teams to integrate security best practices into the SDLC
Develop and maintain security coding guidelines, standards, and checklists tailored for F5 products
Define security requirements and controls for system designs, APIs, and authentication/authorization mechanisms
Champion secure-by-design principles across engineering teams
Mentor junior engineers on security best practices and code review techniques
Analyze vulnerability reports, CVEs, and security advisories to assess impact and recommend fixes
Track security findings through resolution using Bugzilla or similar tracking systems
Stay current with the latest security threats, attack vectors, and defensive technologies relevant to application delivery and network security
Evaluate and recommend new security tools and methodologies to improve code security posture
Leverage AI-powered security tools for enhanced vulnerability detection and code analysis

Qualification

Secure Coding · Programming Languages · Static Analysis Tools · Dynamic Analysis Tools · Code Review Methodologies · Source Code Management · SDLC Integration · AI Security Skills · Certifications · Analytical Skills · Communication Skills · Collaborative Mindset

Required

12+ years of hands-on experience in secure code review and secure software development
Proven track record identifying and remediating security vulnerabilities in production code
Experience integrating security into agile software development processes
Programming Languages: Python, Java, C/C++ (proficiency required)
Secure Coding: Deep understanding of secure coding principles, OWASP Top 10, CWE/SANS Top 25
Static Analysis Tools: SonarQube, Checkmarx, Fortify, Coverity, Semgrep
Dynamic Analysis Tools: Burp Suite, OWASP ZAP, Acunetix
Code Review Methodologies: Manual code review, peer review, automated scanning integration
Source Code Management: Git, GitHub, GitLab, Bitbucket
SDLC Integration: CI/CD security gates, GitHub Actions, Jenkins
Strong analytical and problem-solving skills with attention to detail
Excellent written and verbal communication skills for technical and non-technical audiences
Ability to articulate security risks and recommended mitigations to development teams
Collaborative mindset with ability to influence engineering culture
GIAC Secure Software Programmer (GSSP)
Certified Secure Software Lifecycle Professional (CSSLP)
CEH (Certified Ethical Hacker)
OSCP (Offensive Security Certified Professional)
Bachelor's degree in Computer Science, Information Security, Software Engineering, or related field
Equivalent practical experience in secure software development will be considered

Preferred

Familiarity with F5 BIG-IP architecture, TMOS, iRules/iApps development
Understanding of application delivery, load balancing, SSL/TLS processing, and WAF functionality
Experience with network protocols and security features (HTTP/S, DNS, IPsec, authentication)
Knowledge of cryptographic implementations and common pitfalls
Experience with API security, authentication/authorization frameworks (OAuth, SAML, JWT)
Understanding of product security concepts: Secure Boot, FIPS compliance, code signing
Familiarity with threat modelling methodologies (STRIDE, PASTA, OCTAVE)
Experience with container security and Kubernetes for BIG-IP containerized deployments
Knowledge of scripting for security automation (Bash, PowerShell)
Familiarity with vulnerability assessment and penetration testing techniques
AI Security Skills: Experience using AI-powered code analysis tools or LLM-assisted security reviews

Benefits

Incentive compensation
Bonus
Restricted stock units
Benefits

Company

F5 is a multi-cloud application services and security company that specializes in application security, performance, and delivery.

H1B Sponsorship

F5 has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is provided below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (155)
2024 (110)
2023 (211)
2022 (194)

Funding

Current Stage: Public Company
Total Funding: unknown
Key Investors: Elliott Management Corp.
2020-11-08: Post IPO Equity
1999-06-04: IPO
1998-09-24: Series Unknown

Leadership Team

François Locoh-Donou
President and CEO
Mohan Veloo
Chief Technology Officer - Asia Pacific, China & Japan
Company data provided by crunchbase