Senior Security Data Engineer

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. 
 

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

Overview

The Senior Security Data Engineer is responsible for designing, building, and operating data pipelines that ingest and integrate security and IT operations data from CrowdStrike, ServiceNow, raw log sources, and Nimbus storage into enterprise data platforms that feed Tableau dashboards, metrics, and alerting. This role sits at the intersection of security operations and data engineering, partnering closely with Security Operations, Threat Intelligence, and ITSM teams to deliver reliable, trusted data for investigations, reporting, and automation.

Key Responsibilities

• Design, implement, and maintain scalable data pipelines for ingesting logs and events from CrowdStrike, ServiceNow, and other security/IT systems into centralized storage and analytics platforms.
• Build and manage robust API-based integrations (REST/JSON) to collect data from CrowdStrike Falcon APIs, ServiceNow APIs, and other SaaS tools on scheduled and near real-time cadences.
• Develop ETL/ELT processes to clean, normalize, and join disparate data sources (raw logs, ticketing, endpoint telemetry, CMDB) into curated security-domain datasets optimized for analytics and reporting.
• Model and maintain schemas, views, and tables that serve as the foundation for Tableau dashboards, KPIs, SLA reporting, and security metrics.
• Implement alerting logic and data structures that support operational dashboards supporting alerting and monitoring based on combined CrowdStrike, ServiceNow, Nimbus and log data.
• Design and automate secure, reliable data transfer workflows between 3rd party API’s, storage solutions (e.g., object storage, data warehouses, databases) using scripting and orchestration tools.
• Create and maintain reusable scripts and frameworks for data collection, transformation, data quality checks, and pipeline monitoring.
• Monitor data quality, completeness, and timeliness; implement validation, observability, and self-healing mechanisms for pipelines.
• Collaborate with security engineers, incident responders, and analysts to understand use cases and translate them into data models, metrics, dashboards, and automated alerting.
• Provide technical leadership and mentorship, code review, and mentoring for junior engineers and analysts working on data and automation initiatives.

Required Skills and Experience

• 5–7+ years of experience in data engineering, analytics engineering, or similar roles, preferably in a security or IT operations environment.
• Strong proficiency in Python and SQL for complex queries, Log parsing & normalization (SIEM pipelines), SOAR automation, Threat intel ingestion.
• Advanced experience with Python for building ETL/ELT jobs, API integrations, data quality checks, and automation frameworks.
• Bash and Shell for CI/CD security checks, Incident response scripts System-level data collection and Automation across environments
• Solid experience with REST APIs and JSON, including authentication, pagination, error handling, and rate limiting.
• Hands-on experience integrating data from security platforms (ideally CrowdStrike Falcon) and ITSM tools (ideally ServiceNow) into data warehouses or analytics platforms.
• Experience designing data models and pipelines to support BI tools, preferably Tableau (extracts, performance tuning, data source design).
• Strong scripting experience (e.g., Bash and/or PowerShell) to automate data movement, file handling, and integration of tasks across storage systems and platforms.
• Demonstrated experience automating data transfer between Nimbis storage and other storage platforms (e.g., cloud object storage, on-prem storage, or data lakes), including scheduling, monitoring, and error handling.
• Familiarity with workflow orchestration tools (e.g., Airflow, Prefect, dbt, or cloud-native equivalents).
• Knowledge of security/SOC concepts (incidents, detections, tickets, CMDB/asset data, log types) and how they map into analytics, alerting, and reporting.
• Strong understanding of data engineering best practices: version control, CI/CD for data, code review, testing, and documentation.

Preferred but optional Qualifications

• Experience with modern cloud data warehouses (e.g., Snowflake, BigQuery, Azure Synapse, Redshift) or traditional RDBMS used as Tableau backends.
• Experience working with log storage and SIEM or data lake platforms.
• Rust for Secure systems programming, Memory safety for agents & parsers and Growing in security tooling
• Background security operations, threat hunting, or incident response.

Personal Leadership Characteristics

• Demonstrates calm decision-making under pressure, able to prioritize clearly when data, requirements, and stakeholders are noisy or ambiguous.
• Thrives in greenfield or rapidly changing environments, comfortable building processes, standards, and documentation from scratch rather than relying on established playbooks.
• Natural mentor who enjoys coaching junior engineers and analysts, giving clear feedback, pairing on complex problems, and creating growth paths for the team.
• Strong communicator who can translate technical tradeoffs into language that leadership, security operations, and non-technical partners understand.
• High ownership mindset takes responsibility for outcomes, not just tasks, and proactively identifies gaps in logging, data quality, or reporting and drives them to closure.
• Balances pragmatism and engineering rigor, knowing when to ship a workable solution quickly and when to invest in robustness, automation, and refactoring.
• Comfortable setting direction for a new function (roadmaps, standards, tooling choices) and influencing without formal authority across security, IT, and data teams.
• Emotionally mature, able to absorb “chaos” (conflicting priorities, incidents, urgent asks) without passing stress downstream to junior team members.
• Collaborative and low-ego, defaults to sharing credit, taking blame when needed, and fostering a psychologically safe environment where junior teammates can learn from mistakes.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination.  F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.