Key skills
JavaJenkinsPythonSDLCC++CAIGitHub ActionsGitGitHubGitLabBitbucketAgileCI/CDCommunicationSonarQubeCheckmarxOWASP
About this role
Role Overview
- Drive secure coding practices across the F5 BIG-IP platform by conducting code reviews
- Identify security vulnerabilities and collaborate with development teams to integrate security throughout the software development lifecycle
- Conduct comprehensive security code reviews to identify vulnerabilities and weaknesses in BIG-IP product code
- Perform manual and automated code analysis using static (SAST) and dynamic (DAST) analysis tools
- Review code for compliance with secure coding standards (OWASP, CWE/SANS Top 25, CERT)
- Analyze security implications of design decisions in application delivery, traffic management, and security modules
- Develop and maintain security coding guidelines, standards, and checklists tailored for F5 products
- Define security requirements and controls for system designs, APIs, and authentication/authorization mechanisms
- Champion secure-by-design principles across engineering teams
- Mentor junior engineers on security best practices and code review techniques
- Track security findings through resolution using Bugzilla or similar tracking systems
- Stay current with latest security threats, attack vectors, and defensive technologies
- Evaluate and recommend new security tools and methodologies to improve code security posture
- Leverage AI-powered security tools for enhanced vulnerability detection and code analysis
Requirements
- 12+ years of hands-on experience in secure code review and secure software development
- Proven track record identifying and remediating security vulnerabilities in production code
- Experience integrating security into agile software development processes
- Programming Languages: Python, Java, C/C++ (proficiency required)
- Deep understanding of secure coding principles, OWASP Top 10, CWE/SANS Top 25
- Static Analysis Tools: SonarQube, Checkmarx, Fortify, Coverity, Semgrep
- Dynamic Analysis Tools: Burp Suite, OWASP ZAP, Acunetix
- Manual code review, peer review, automated scanning integration
- Source Code Management: Git, GitHub, GitLab, Bitbucket
- SDLC Integration: CI/CD security gates, GitHub Actions, Jenkins
- Strong analytical and problem-solving skills with attention to detail
- Excellent written and verbal communication skills for technical and non-technical audiences
- Ability to articulate security risks and recommended mitigations to development teams
- Collaborative mindset with ability to influence engineering culture
Tech Stack
- Java
- Jenkins
- Python
- SDLC
Benefits
- Hybrid work options
- Equal Employment Opportunity
- Reasonable accommodations for candidates