At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. Position Overview: F5 is seeking a highly experienced and results-driven Technical Program Manager (TPM) to lead and manage critical programs focused on software security. This is a senior level role that will drive initiatives that enhance F5s security posture by implementing best practices for vulnerability management, security scanners, CVE tracking, Security Software Development Life Cycle (SDLC), and more. The ideal candidate will have a deep understanding of security programs, a strong technical background in software development, and a proven track record of successfully delivering cross-functional initiatives in complex environments. As a trusted leader, you will collaborate closely with engineering, security, product, and operations teams to ensure F5s products and processes meet the highest security standards while enabling business objectives. Key Responsibilities: Program Management: Strategically plan and deliver programs and initiatives across key security and vulnerability management areas, including implementation of security tools (scanners, CI/CD integrations), tracking and addressing vulnerabilities (e.g., CVEs), and enforcing best practices throughout the software development lifecycle. Own program roadmaps, timelines, deliverables, and reporting, ensuring execution aligns with business goals, security requirements, and resource capacity. Drive key metrics and outcomes for security, tracking improvements in vulnerability remediation, compliance, and overall risk reduction. Security SDLC and Vulnerability Management: Partner with engineering and security teams to integrate Security SDLC (Secure Software Development Lifecycle) best practices into the development process, ensuring security is considered and implemented at every stage. Manage programs for vulnerability detection, assessment, and remediation to ensure timely resolution of security risks identified across F5 products and environments. Develop and implement governance processes for tracking and addressing externally reported vulnerabilities, such as Common Vulnerabilities and Exposures (CVEs) , ensuring effective prioritization and swift resolution. Cross-Functional Collaboration: Build strong relationships with software engineering, product management, cybersecurity, IT, and operations teams to foster alignment across security-related goals and projects. Act as the central point of coordination for security initiatives, driving progress and ensuring accountability across stakeholders. Facilitate efficient communication between technical and non-technical teams to ensure clarity around priorities, goals, and timelines. Risk and Compliance Management: Drive alignment on security requirements, risk tolerance, and compliance needs, partnering with internal and external security auditors where required. Ensure teams are meeting corporate and industry security standards, including regulatory and policy compliance, while achieving development velocity. Proactively identify and manage security risks through effective mitigation planning and ongoing tracking. Process Improvement and Tooling: Evaluate current security program practices, tools, and workflows, identifying gaps and opportunities for improvement in efficiency and effectiveness. Lead the implementation of automated tools for static and dynamic code analysis, dependency scanning, and configuration management to identify and address vulnerabilities earlier in the development process. Metrics and Reporting: Define, track, and report on KPIs and success metrics for security efforts, including vulnerability remediation rates, defect density reduction, and SLAs for incident response. Provide clear and actionable updates to executive leadership and key stakeholders on the status of security programs, progress, risks, and outcomes. Qualifications: Education: Bachelors degree in Computer Science, Software Engineering, Cybersecurity, or a related technical discipline (Masters preferred). Experience: 8+ years of experience in program management, with at least 3 years focused on security programs, vulnerability management, or security operations (senior level); 10+ years for principal level. Proven experience implementing Security SDLC processes and collaborating with software teams to deliver secure, production-grade solutions. Solid understanding of security domains, particularly vulnerability scanning tools (e.g., Tenable Nessus, Snyk, Qualys), CVE tracking, dependency management, and secure coding practices. Technical Expertise: In-depth knowledge of software development methodologies, including Agile and DevSecOps principles. Familiarity with CI/CD pipelines, source code repositories, and tools for static/dynamic application security testing (e.g., SonarQube, Checkmarx, Veracode). Understanding of vulnerability databases (e.g., NVD), common exploitation techniques, and secure design principles. Basic understanding of threat modeling and risk assessment techniques (stronger expertise is a plus). Leadership and Collaboration: Experience working in highly cross-functional, multi-team environments, with the ability to motivate, guide, and align diverse stakeholders. Exceptional interpersonal, written, and verbal communication skills, with the ability to convey complex security requirements and issues to non-technical audiences, executives, and engineering teams alike. Demonstrated ability to influence without authority and lead by example. Problem Solving and Decision Making: Ability to analyze complex problems, evaluate trade-offs, and make sound decisions in a fast-paced environment. Strong risk management skills, with the ability to balance security needs with engineering velocity and business priorities. Preferred Qualifications: Project management certification (e.g., PMP, PgMP, or PMI-ACP) or security-related certifications (e.g., CISSP, CISM, or CISA). Experience with cloud security and platform-oriented vulnerability management tools like Bugzilla or similar. Familiarity with emerging cybersecurity trends and zero-day vulnerability exploitation techniques. Knowledge of networking and application delivery technologies (F5 experience is a plus!). The is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change. Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com ) . Equal Employment Opportunity It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates . Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.
