This position is responsible for internal red-team penetration testing of F5’s BIG-IP product lines utilizing open-source, commercial and home-grown tools. Consults with development teams on findings, remediation options and automation of PoCs. Manages assigned projects independently and in conjunction with red teams in Tel Aviv and Hyderabad.
- Hands on penetration testing of F5 products – from servers and microservices to clients and web applications
- Perform code and configuration security reviews in critical parts of the products
- Participating in threat modeling of new product features
- Building custom instrumentation and tools to assist security assessments
- Presenting findings and working closely with architectural and development teams to ensure products developed in line with our security standards
- Assisting and mentoring with internal secure development education and F5's "Security Ninjas" program
- At least 3 years expertise in hands on security assessment and security code review.
- Proficient in reading code written in C, C++ and JAVA (Additionally Golang and node.js are an advantage)
- Strong experience with assessment of securing containerized environments (docker, k8) is a must
- Experience with manual and automatic testing tools
- Low-level understanding of security principles, theories, and attacks.
- Outstanding knowledge and background in Linux OS mechanisms, networking, and protocols.
- Experience in developing tools in Python.
- Bachelors degree in relevant field with 8+ years of experience or equivalent experience
- Positive upbeat teammate
Desired Qualifications (Advantage)
- Shown experience with static code analysis and fuzzing tools
- Experience with traffic processing products assessment (Router, Load Balancer, DNS, FW, WAF)
- Experience with mobile applications security assessment
F5 is an equal opportunity employer and we embrace diversity