Key skills
F5 BIG-IPF5 ASM/AWAFF5 APMF5 Distributed Cloud (XC)NGINX App ProtectBIG-IP LTMBIG-IP GTMBIG-IP AFMLinux administrationLinux scriptingBash scriptingTMSH CLITCL programmingiRulesRegular expressionsHTTP/S protocolsSSL/TLSTraffic inspection toolsDNSF5 vCMPCloud platforms AWSCloud platforms AzureCloud platforms GCPF5 Certified Technology SpecialistF5 Certified Solution ExpertPythonPerlShellBashAWSAzureGCPTerraformKubernetesAnsibleNGINXAPI GatewayAzure ADOAuthOktaSAMLLDAPActive DirectorySSOGitOpsService MeshLoad BalancingSaaSCI/CDPenetration TestingZero TrustWAFFirewall
About this role
WorldTech IT is a premier service provider specializing in delivering, managing, and maintaining F5 solutions. They are seeking an F5 Engineer with deep expertise across the full F5 portfolio to implement and manage various F5 technologies and solutions for their clients.
Responsibilities:
- Deliver expert-level LTM and GTM configuration for virtual servers, pools, nodes, monitors, SSL termination, iRules, admin partitions, and route domains
- Deploy BIG-IP on all current hardware platforms such as iSeries, rSeries, Viprion, and Velos as well as on cloud providers (AWS, Azure, GCP)
- Upgrade BIG-IP software as needed to patch CVEs or apply relevant bug fixes
- Execute AFM tasks including firewall rule management, management of port protection, and basic firewall policy implementation
- Apply advanced Linux scripting capabilities (cut, sort, grep, shell scripting) for operational automation and troubleshooting
- Perform complex Advanced Troubleshooting and root cause analysis for client cases
- Implement new BIG-IP ASM/AWAF solutions and manage policy lifecycle for external customers and perform policy tuning to reduce false positives and mature WAF posture over time
- Expand use of AWAF advanced technologies such as Bot Defense, DoS Mitigation, Brute Force Logon Defense, and API protection
- Provide customers with reports outlining WAF policy effectiveness and prioritized areas for improvement
- Upgrade BIG-IP software as needed to patch CVEs or apply relevant bug fixes
- Troubleshoot WAF and related configurations and assist teammates with escalations
- Architect and deploy full BIG-IP APM solutions including access policies, per-request policies, webtops, and resource assignments for enterprise customer environments
- Design and implement federation and SSO architectures using SAML 2.0 (IdP and SP-initiated), OAuth 2.0, OpenID Connect, and Kerberos-based authentication flows
- Configure and troubleshoot MFA integrations including RADIUS, LDAP, Active Directory, and third-party MFA providers (Duo, Okta, Azure AD)
- Build complex Visual Policy Editor (VPE) workflows incorporating branching logic, iRules integration, and dynamic resource assignment
- Design Zero Trust access architectures leveraging APM per-app VPN, clientless remote access, and endpoint inspection policies
- Troubleshoot advanced APM issues including session variable debugging, policy trace analysis, and OAuth/OIDC token flow failures
- Perform APM high availability configuration and manage failover behavior across active/standby and active/active BIG-IP pairs
- Onboard and migrate workloads into F5 XC, including App Connect, Network Connect, and CE (Customer Edge) deployments
- Deploy and deliver XC ADN/WAAP in SaaS Mode with advanced add-ons including API Management, Bot Defense Standard (Shape), Client-Side Defense, and Traffic Insights
- Manage origins serviced by existing CE (Customer Edge) infrastructure and deliver XC WAAP and LB services on top of CE deployments
- Administer XC Bot Defense, DDoS Protection, API Discovery, and advanced Service Policy configurations
- Troubleshoot XC service mesh, load balancing, origin pool configurations, and CE connectivity
- Deploy and manage NGINX App Protect WAF and DoS modules in customer environments
- Configure NGINX as a reverse proxy, API gateway, and load balancer in both traditional and containerized (Kubernetes) environments
- Maintain and tune NGINX App Protect policies, signature sets, and custom attack signatures
- Support NGINX Plus deployments including health monitoring and HA configurations (active-active / active-passive)
- Integrate NGINX into CI/CD pipelines and GitOps workflows where applicable
Requirements:
- Minimum 5 years of developing and maintaining F5 BIG-IP and ASM/AWAF policies
- 2-3 years of hands-on experience with F5 APM architecture, deployment and optimization
- 2-3 years of hands-on experience with F5 Distributed Cloud (XC) WAF and/or NGINX App Protect
- Legally authorized to work in the United States
- Willing to undergo background checks in accordance with local law/regulations
- Advanced understanding of admin partitions, route domains, AFM, and BIG-IP security hardening
- Extensive knowledge of HTTP/S, SSL/TLS, and traffic inspection using Fiddler, HttpWatch, tcpdump, and Wireshark
- Strong Linux administration and scripting skills (Bash; advanced grep, cut, sort, sed/awk)
- Expert F5 TMSH CLI skills
- Proficiency with TCL, iRules, and regular expressions
- Working knowledge of DNS and F5's GTM/DNS modules
- Familiarity with hypervisors including F5 vCMP and deployment on major cloud providers
- F5 Certified Technology Specialist (CTS) 301A&B, 302, 303 and 304
- F5 Certified Solution Expert (CSE) 401
- Experience with F5 XC API Security for discovery, schema enforcement, and shadow API detection
- Experience with penetration testing tools such as Burp Suite and Qualys WAS
- Familiarity with NGINX Ingress Controller and Kubernetes-native deployments
- Scripting proficiency in Bash, Python, Perl, or TCL for automation and tooling
- Experience with Ansible or Terraform for F5 infrastructure-as-code automation
- Network design and operations experience in ICPs such as AWS, Azure, GCP, and IOC
- Familiarity with containerized environments, microservices, and service mesh concepts
- Experience with F5 XC Multi-Cloud Networking with App Connect and Network Connect