People Matter

SOC Engineer I (WAF)



Guadalajara, Jalisco, Mexico
Posted on Thursday, June 27, 2024

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

Job Description

***This position is located in Guadalajara and 2-3 days per week office attendance is required***

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Our Security as a Service (SaaS) Security Operations Center (SOC) is the epicenter of dynamic security events; clients under siege daily, with new attacks and attack vectors evolving continuously.

You will partner collaboratively with seasoned engineers to keep our customers safe and stop attackers cold, around the clock. As part of our Global SOC team, you will be responsible for managing cloud-based security systems on behalf of our clients, providing real time protection, detection, mitigation, and resolution of security events. The SOC WAF (Web Application Firewall) Engineer is a master of WAFs and, a skilled security defender.

When not unravelling security issues, you may spend time mentoring and training colleagues, troubleshooting processes, and spreading security knowledge throughout the business or investigating new attacks and defenses.

A contender for this role possesses a passion for information security, enjoys solving problems and sharing knowledge with others, excels under pressure, and is continuously looking for opportunities for personal and team improvement.

This role may be required to work outside of core business hours including early morning, late evening, overnight, weekends, and holidays.

Attractions of the Job

The Security Operations Center is a critical component of the Security & Distributed Cloud Portfolio. Our expert Security Engineers defend a wide spectrum of companies from online fraud, DDoS (Distributed Denial of Service), Application layer, and other security threats.

You will work side-by-side with some of the finest Security Engineers in the world, leveraging the best security products available, defending against attacks in real-time, analyzing industry trends, and innovating new protections against a variety of evolving threats and vulnerabilities.

What will you do?

  • Take proactive and reactive steps to mitigate Application Layer security attacks or threats against our customers
  • Interact directly with customers who are under attack via phone, chat, email and/or ticketing systems
  • Provide proactive and real-time guidance to customers on security protocols and defensive security response
  • Document actions taken in incident management systems, knowledge base, or ticketing systems as required
  • Establish yourself as a trusted security advisor internally and externally
  • Assist clients with onboarding and provisioning
  • Engage and support cross-functional teams
  • Appropriately manage time and customer issues based on issue severity and business needs
  • Collaborate with Product Management and Development on requirements and product release activities
  • Identify, define, and implement process and procedure improvements
  • Ensures documented processes and procedures are relevant and up to date

Minimum Qualifications

  • 0-2 years’ experience administering Web Application Firewalls
  • Must be able to communicate technical and operational details fluently in English (written and oral)
  • Skilled understanding and experience with HTTP and web application security (school project experience counts)
  • Familiarity with SQL injection, cross-site scripting, web scraping, CSRF, brute force, cookie manipulation, parameter tampering, and other emerging Layer 4-7 attacks/vulnerabilities to define, configure, and manage security policies encouraging RFC compliance
  • Excellent customer service skills
  • Troubleshooting and problem-solving ability including analytical thinking and a strong attention to detail

Preferred Qualifications

  • Interest in Cyber security and/or Network security, and/or prior NOC or SOC experience.
  • B.S/A.S, in Information System Security or related degree/experience
  • Background in Security Incident Response
  • Fluency in additional languages
  • Familiarity with a programming or scripting language.
  • Understanding in common enterprise network technologies
  • Fundamental Linux skills
  • Familiarity with F5 hardware and software (Big-IP, TMOS, iRules, iApps, iControl, etc.)
  • Web Server Administrator/Developer Experience
  • Have experience in analysis using tools such as Fiddler, HttpWatch, Burp Suite, socat, and netcat.

Skills & abilities you'll be improving:

  • Ability to excel in a dynamic, challenging, security-oriented operations environment
  • Undaunted by, and quickly capable of, coming up to speed on new and developing technologies
  • Relay technical information to customers with different levels of technical competence
  • Experience supporting corporate customers in production environments, working with relevant technologies
  • Experience working with Customer Support and Service Management portals, including provisioning, reporting, and configuration
  • Ability to perform log file analysis
  • Comfortable working with moderate supervision
  • Ability to develop creative, efficient solutions to complex problems
  • Expert technical knowledge of, and experience, troubleshooting TCP/IP networks
  • Detailed protocol analysis using tools such as tcpdump, tshark, and Wireshark
  • Packet manipulation and crafting using tools such as hping, scapy, and iptables
  • Traffic generation and replay using tools such as apachebench and tcpreplay
  • Possess a strong drive to continually learn, always asking “Why?”
  • Work well in a customer-event driven environment with little day-to-day oversight

Work Environment

  • Duties can be performed in an Operations Center environment (Guadalajara) OR remotely within the country (Mexico) while sitting at a desk or computer table
  • Duties require the ability to utilize a computer, communicate over the telephone and read digital material
  • Working in an environment where work hours are scheduled shifts in a full-time position
  • This role may be required to work outside of core business hours including early morning, late evening, overnight, weekends, and holidays
  • May be required to travel (5%), including possible international travel



The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Please note that F5 only contacts candidates through F5 email address (ending with or auto email notification from Workday (ending with or

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting