What You’ll Be Doing:
Establishing an understanding of F5 Clouds entire production environment, from applications to infrastructure, keeping up-to-date with material changes and future directions.
Handling live intrusions and incident response cases, in a customer-oriented and transparent manner, to minimize the impact of bad actors on the internet.
Collect digital artifacts from cloud systems for analysis to reconstruct what may have transpired on a system leveraging digital forensics methodologies.
Analyzing network traffic to identify compromised systems, negate denial of service attacks, and pinpoint resource abuse.
Identifying trends in abusive activity, communicating with leadership to keep them apprised, and advocating for appropriate product changes to prevent future occurrences.
Acting as a point of contact for security and related incidents: providing supporting data for critical issues, downtime events, and Post-Mortem reports.
Helping build tools to identify or automate response to abusive activity.
Building strong relationships with the other technical teams across our engineering and infrastructure functions to harden account, platform, and service structures to combat intrusions, compromises, and disruptive activities.
What You'll Add to F5 Clouds:
Experience handling live incident response activities transparently, in a fast-paced team environment where accuracy of analysis determines business impact.
Ability to differentiate between normal and unusual resource usage patterns in customer and employee network/system behaviors in order to hunt for subtle anomalous patterns.
Both dead-disk and live digital forensics experience, especially on Linux or Unix systems using open-source tools in an enterprise production environment at scale.
Data analysis skills, including familiarity with relational databases, structured query languages, logging infrastructures, and data visualization tools (Similar looker, grafana, kentik).
Familiarity with basic static and dynamic malware analysis for triage, identification, prioritization, and remediation of new malware families and behaviors.
A high degree of curiosity and aptitude, with a clear passion for security and the desire to keep our employees, customers, and the internet safe.
Clear written and verbal communication skills to include technical writing, presenting, coaching, mentoring.
Consistently improving security as the platform scales, driving continuous improvement through data collection and correlation, being mindful that security should be an efficiency enabler for the business - not a detractor.
What We’d Love You to Have:
Experience in one or more of the following:
Vulnerability Analysis, Scoping, and Mitigation Planning
Threat Intelligence Collection / Analysis / Dissemination
Network Protocol Analysis
Coding, automation, or scripting skills