Senior Architect – Application Security

Job Description: 

F5 is seeking a Senior Architect for Application Security to lead technical strategy and architecture across its entire security portfolio, including WAF, WAAP, DDoS mitigation, Bot Defense, API Security, TLS inspection, and identity-aware access. This role drives the evolution of F5’s security services across SaaS, hardware, and cloud-native platforms, ensuring they are integrated, scalable, and secure-by-design. As a senior technical leader, you will unify architectural direction, modernize legacy systems, and represent F5’s security vision in both internal strategy and external engagements. You will:   

• Define the cross-portfolio application security architecture strategy, covering hardware, software, and cloud-native solutions, and align it to F5’s long-term business and technology vision. 

• Establish architectural principles, patterns, and roadmaps that guide how WAF, WAAP, API security, DDoS, identity, client-side protection, and related capabilities are designed, integrated, and delivered. 

• Lead architectural modernization efforts to evolve monolithic or appliance-based capabilities into composable, API-driven services within a SaaS-native security control plane. 

• Influence the security posture and innovation roadmap across F5 Distributed Cloud Services, BIG-IP, NGINX, and future platform initiatives. 

• Champion architectural governance and threat modeling across teams to ensure scalability, observability, resiliency, and secure-by-default practices are institutionalized. 

• Drive cross-functional alignment across product, engineering, SRE, and infrastructure teams to ensure seamless and secure user experiences across hybrid, multicloud, and edge deployments. 

• Mentor a community of senior architects and engineers, raising the bar for application security talent across the company. 

• Represent F5’s technical vision in customer briefings, industry forums, regulatory discussions, and analyst engagements, serving as a technical ambassador for application security innovation. 
   

Job Duties and Responsibilities:  

• Design and validate architecture for WAAP services, distributed DDoS protection layers, advanced bot mitigation pipelines, client fingerprinting, fraud prevention engines, and access-aware enforcement controls. 

• Develop and evangelize reusable security frameworks and patterns across the product portfolio. 

• Collaborate with detection teams and data scientists to integrate machine learning, heuristics, and behavior analysis engines into runtime defense systems. 

• Define telemetry, feedback loops, and attack modeling infrastructure to continuously improve detection fidelity and response agility. 

• Work across organizational boundaries to ensure integration of security across the portfolio. 

• Guide compliance, privacy, and regulatory alignment by ensuring architecture supports evolving standards such as FIPS, FedRAMP, NIST CSF, ISO 27001, GDPR, and OWASP. 

• Drive architectural reviews, design validations, and threat models to ensure operational, security, and scalability concerns are addressed early. 

• Planning, tracking and scheduling software deliverables.  
   

Skills and Qualifications:  

• 12+ years of experience in software and security architecture roles, with at least 5 years focused specifically on application-layer security. 

• Proven track record architecting complex security systems in domains such as WAAP, API security, DDoS mitigation, bot protection, and malware detection. 

• Deep understanding of L7 protocols (HTTP/2, HTTP/3, WebSockets, gRPC) and application security standards (OWASP Top 10, NIST, MITRE ATT&CK). 

• Strong technical understanding of TLS, certificate management, identity and access protocols (OAuth2, OIDC, SAML), and secure session management. 

• Familiarity with zero trust architectures, policy-as-code, multi-tenant SaaS designs, and runtime enforcement in container-based platforms (Kubernetes, Istio, Envoy). 

• Demonstrated ability to set architectural strategy across product boundaries and influence senior engineering and product leadership. 

• Experience designing and implementing distributed cloud solutions at scale. 

• Understanding of containers and orchestration technologies.  

• Broad understanding of coding and programming languages.  

• Extensive knowledge of the software development process and corresponding technologies.  

• Excellent understanding of design patterns and architectural styles.  

• Proficient knowledge of the operation and development designs of agile software.  

• Strong soft skills, including attention to detail, problem-solving and communication skills.