Sr Penetration Tester

F5

F5 application services ensure that applications are always secure and perform the way they should—in any environment and on any device.

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.

What you'll do:

1. Work independently and collaboratively with a team to both lead and support.
2. Hands-on application and hardware penetration testing of F5 products.
3. Hands-on network and application testing of the F5 enterprise security posture.
4. Work to maintain a custom testing toolkit to assist in red and purple team activity.
5. Ensure quality reports, test plans, and other deliverables are efficient and on time.
6. Provide recommendations for technical security or compliance risks.
7. Manage team priorities in collaboration with a program manager.
8. Operate with integrity. Always.
9. You will strengthen existing partnerships and build new ones with key organizations to deliver benefits to us and our customers.
10. Work with InfoSec leadership to continue to grow this program within F5.

What you'll bring:

1. Excellent verbal and written communication skills, including technical writing of assessment reports, presentations, and operating procedures.
2. Application penetration testing and assessment tradecraft and methodologies (including browser-based, API, and thick client).
3. Cloud Service penetration testing tradecraft and methodologies across multiple service providers (e.g., AWS, GCP, etc.).
4. Network/host-based penetration testing tradecraft and methodologies.
5. Background in Linux networking and protocols.
6. An interest in leadership both through practice maturation and by mentoring junior teammates.
7. Strong understanding of security principles, policies, and industry best practices.
8. Minimum of 8 years’ experience in Application Security and/or Hardware Security.
9. Red/purple team operations experience.

Bonus Points:

1. Experience with building custom tools to assist security assessments.
2. At least 3 years experience with security code review.
3. Proficient in C, C++, Java, Go, and/or NodeJS; Strong working knowledge of at least two programming or scripting languages.
4. Experience with assessment of containerized environments (Docker, Kubernetes).
5. Experience with static code analysis tooling.
6. Experience with traffic processing products assessment.
7. Mobile device and application penetration testing on both iOS and Android platforms.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

The annual base pay for this position is: $133,290.00 - $199,934.00.

F5 maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, geographic locations, and market conditions, as well as to reflect F5’s differing products, industries, and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.

Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).

Equal Employment Opportunity:

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws.