Principal Enterprise Security Engineer
Insight Engines
At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. 
 
Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.
Principal Enterprise Security Engineer
Location: Remote
Reports To: VP of Infrastructure and Security
Department: Infrastructure and Security
About the Role
We are seeking a seasoned Principal Enterprise Security Engineer to design, implement, and manage enterprise-wide security solutions. You'll shape our security strategy across endpoint protection, network, SaaS, IAM, and observability, while aligning to NIST and CIS standards. This role reports to the Head of Enterprise Security, with close collaboration with the CISO, CISO staff, and cross-functional teams.
Key Responsibilities
- Security Architecture & Governance 
- Architect enterprise security solutions across endpoints (EDR/XDR), networks, SaaS, and identity/infrastructure. 
- Ensure compliance with NIST SP 800-53, CIS benchmarks, and FedRAMP (Low/Moderate/High) standards. 
- Design for DoD Impact Levels IL‑4 and IL‑5 environments, integrating enhanced controls beyond FedRAMP High 
- IAM & Access Management 
- Implement and manage IAM frameworks: RBAC, MFA, SAML, OAuth, SCIM. 
- Regularly review and optimize privilege configurations. 
- Endpoint & Network Security 
- Deploy and manage endpoint security tools (e.g., CrowdStrike, SentinelOne). 
- Define network security strategies including firewalls (e.g., Palo Alto), micro-segmentation, VPNs. 
- Develop and maintain device health assessments and dashboards leveraging device telemetry from enterprise security tooling. 
- Configure and maintain Data Loss Prevention (DLP) tooling & policies. 
- Support security deployments and configurations across multiple operating systems - Windows 10/11, macOS, Window Server, RHEL, Oracle, CentOS 
- Experience with Security Service Edge and Software-Defined Perimeter enables ZTNA solutions such as NetSCOPE, Zscaler, and PAN 
- SaaS Security & Cloud Compliance 
- Secure SaaS applications using SSPM tools and integrate them into governance frameworks. 
- Maintain compliance evidence for FedRAMP/DoD IL audits and ATO packages 
- Incident Response & Threat Intelligence 
- Lead incident response efforts: detection, triage, investigation, mitigation, and post-mortems. 
- Coordinate with threat intel teams to feed strategic threat insights into detection logic and tools. 
- Vulnerability Management & Observability 
- Own vulnerability scanning, CVE tracking, patch-rollout, and POA&M development. 
- Build and tune observability systems (SIEM, EDR, logging, telemetry) to support security posture. 
- Automation & Scripting 
- Automate security workflows using Python, PowerShell, Bash, or similar languages. 
- Integrate automation into tooling for reporting, incident response, compliance, detection, and remediation. 
- Collaboration & Communication 
- Collaborate with the CISO and staff to align security initiatives with organizational strategy. 
- Communicate technical concepts clearly to leadership, compliance, legal, and engineering teams. 
- Develop and deliver security training and awareness for teams across the enterprise. 
Qualifications & Experience
- Education: Bachelor’s degree in cybersecurity, computer science, engineering—or equivalent years of corporate security/SOC experience. 
- Experience: 7+ years in enterprise or cloud security with hands-on background in IAM, endpoint/network/SaaS security, incident management, vulnerability management, and log analytics. 
- Compliance Know-How: 
- Solid understanding of FedRAMP security controls and audit frameworks. 
- Experience with DoD IL‑4/IL‑5 programs—understand added encryption, personnel restrictions, and control overlays Technical Skills: 
- Proficiency with tools like CrowdStrike, Palo Alto, F5, Splunk/ELK, and IAM platforms (Okta, Entra ID, etc.). 
- Strong scripting/automation using Python, PowerShell, Bash, etc. 
- Security Frameworks: NIST SP 800-53/171, CIS Benchmarks, FedRAMP, DoD CC SRG. 
- Soft Skills: Strong verbal and written communication; ability to convey complex topics to executives; experience working with stakeholders across multiple time zones. 
- Nice to have experience with F5 BigIP LTM 
- Personality Traits: Strategic thinker, collaborative, proactive, with the ability to thrive in fast-moving environments. 
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
The annual base pay for this position is: $152,000.00 - $228,000.00F5 maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, geographic locations, and market conditions, as well as to reflect F5’s differing products, industries, and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.
You may also be offered incentive compensation, bonus, restricted stock units, and benefits. More details about F5’s benefits can be found at the following link: https://www.f5.com/company/careers/benefits. F5 reserves the right to change or terminate any benefit plan without notice.
Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).
Equal Employment Opportunity
It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.
