Sr Security Engineer - Logging & SIEM Engineering
Volterra
At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.
Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.
In this role, you will collaborate with highly skilled engineers in a global, fast‑paced, and continuously evolving environment. This is a senior technical engineering position focused on building, maturing, and owning F5’s logging pipelines, SIEM platforms, telemetry ingestion architecture, and detection‑supporting workflows. The ideal candidate is already a Subject Matter Expert (SME) in logging, SIEM engineering, and security telemetry, and is capable of mentoring other team members.
This is not a security analyst role. This position supports IR and SOC by providing high‑quality telemetry, platform reliability, and engineering expertise.
What Will You Do?
Lead and own logging frameworks, ingestion pipelines, and SIEM platform management.
Establish logging requirements for diverse data sources across cloud and on‑prem environments.
Collaborate with system owners and engineering teams to plan and support reliable log onboarding.
Mentor team members to grow their capability in logging and SIEM engineering.
Partner with detection engineers and responders to improve alert fidelity, tuning, and workflow integration.
Identify and automate manual processes to reduce operational overhead.
Diagnose and resolve complex technical and operational issues related to logging, SIEM, and telemetry.
Support investigation casework by providing advanced log-based analysis when needed.
Communicate clearly with stakeholders including engineering teams, leadership, and legal.
Define and report metrics that demonstrate logging and SIEM platform health and maturity.
Develop documentation, standards, and runbooks for logging and SIEM operations.
Contribute to Threat Model Assessments and review logging coverage against identified risks.
Ensure compliance with F5 security policies and protect information assets.
Provide IR support as needed.
Perform other related duties as assigned.
Knowledge, Skills, and Abilities
Extensive experience in log collection, normalization, parsing, schema management, and troubleshooting.
Deep understanding of SIEM architecture, data pipelines, correlation logic, and integrations.
Strong ability to analyze logs to identify suspicious behavior and threat activity.
Solid understanding of the MITRE ATT&CK framework.
High proficiency configuring SIEM solutions and integrating diverse data sources.
Strong attention to detail and problem-solving skills.
Highly self‑motivated with strong interpersonal communication skills.
Ability to drive work independently and deliver clear updates.
Experience with CrowdStrike NGSIEM and LogScale.
Experience with CrowdStrike modules (Identity, Cloud Security, Falcon Shield, Exposure Management).
Experience scripting with Python or Bash.
Experience using APIs for ingestion workflows.
Cloud logging experience across AWS, Azure, or GCP.
Additional (Preferred)
GIAC certifications (GCIH, GCFR, GCDA, etc.)
SOAR tooling experience.
Experience querying with Athena, BigQuery, or KQL.
Experience leading incident response efforts.
FedRAMP logging experience.
Qualifications
7+ years of experience in security engineering or SRE with logging/SIEM focus.
Understanding of modern attack techniques.
Bachelor's degree in a related field or equivalent experience.
Ability to thrive in a fast‑paced operations environment.
Strong written and verbal communication skills.
Physical Demands and Work Environment
Work is primarily performed at a desk using a computer. This role may require participation in an on‑call rotation and work outside normal business hours, including mornings, evenings, weekends, and holidays.
LI-KT1
#LI-DNI
You may also be offered incentive compensation, bonus, restricted stock units, and benefits. More details about F5’s benefits can be found at the following link: https://www.f5.com/company/careers/benefits. F5 reserves the right to change or terminate any benefit plan without notice.
Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).
Equal Employment Opportunity
It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.