At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.
Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.
Cybersecurity & Information Security Counsel Role
Join F5 as a Cybersecurity & Information Security Counsel to shape our security posture, guide incident preparedness and response, and embed practical, business‑forward security requirements into product, platform, and go‑to‑market motions.
What You’ll Do
Lead & operationalize incident response and data breach legal workstreams: Advise on IR readiness, privilege protocols, and crisis decisioning; run legal materiality assessments and contribute to required disclosures (including support for SEC Form 8‑K cyber incident filings), coordinating closely with the CISO and the Corporate IR Team under established playbooks.
Own security terms in commercial negotiations: Draft and negotiate security and data protection schedules, support customer and vendor security reviews, RFPs, and audit requests, incident‑notification clauses, vulnerability remediation commitments, secure development and testing language, and shared‑responsibility delineations; align with internal control owners and the F5 Trust Center materials.
Guide security compliance strategy: Interpret and operationalize frameworks and obligations (e.g., SOC 2, ISO/IEC 27001, FedRAMP, NIST SP 800‑53/CSF, DORA) with Product, Security, Compliance, and GTM teams; help design controls and evidence plans that withstand customer and regulator scrutiny.
Advise on global cyber regulations: Track and translate evolving laws and guidance (e.g., NIS2, DORA, EU Cyber Resilience Act, sectoral breach rules, government‑contracting security) into actionable requirements for product and cloud services, partnering with stakeholders to land scalable processes.
Strengthen customer trust artifacts: Partner with Security, Product, and Customer‑Facing teams on Trust Center content, and security questionnaires to clearly articulate F5 and customer control boundaries and audit posture.
Enable secure‑by‑design delivery: Counsel on NIST SSDF practices, third‑party risk, SBOM posture, pen‑testing and coordinated vulnerability disclosure, data segregation, and identity/access controls across multi‑cloud and hybrid deployments.
Drive cross‑functional alignment: Work hand‑in‑hand with the Office of General Counsel colleagues (Business, Product, Commercial, Privacy/Compliance, IP) and security leaders to embed pragmatic, risk‑based guidance into roadmaps and contracts—ensuring security frameworks map cleanly to customer commitments.
Continuously improve programs: Develop playbooks, templates, and training; run post‑incident retrospectives; and streamline processes to increase speed, clarity, and defensibility.
Minimum Qualifications & What You’ll Bring
JD, LLB, or equivalent degree.
Admitted to the bar and in good standing or otherwise authorized to practice law in WA and/or CA .
6+ years of experience in cybersecurity and regulatory compliance at a law firm and/or in‑house.
Strong understanding of global cyber and data protection regulations.
Ability to engage deeply with engineering and security leaders.
Hands‑on counseling experience in incident response, cloud and platform security, and security compliance (e.g., SOC 2, ISO 27001, FedRAMP, NIST SP 800‑53/CSF).
Exceptional communication skills—able to translate technical concepts into clear, actionable legal guidance for a range of business partners.
Ability to operate calmly in crisis situations and manage and prioritize multiple projects in a dynamic environment, fostering collaboration and driving results.
Preferred Qualifications
8+ years legal experience, including in‑house counseling for technology or cloud/SaaS providers.
Familiarity with popular cloud platforms and multi‑cloud architectures.
Knowledge of network and application security technologies (e.g., WAF, DDoS mitigation, load balancing, bot detection, and API security).
Experience aligning programs to global frameworks and sectoral rules (SOC 2, ISO 27001/27701, PCI DSS, FedRAMP, NIST SP 800‑53/CSF) and supporting regulator or customer audits.
Success negotiating complex enterprise security terms at scale and partnering with customers’ security, procurement, and legal teams on risk allocation.
#LI-RGB1
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
The annual base pay for this position is: $245,600.00 - $368,400.00F5 maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, geographic locations, and market conditions, as well as to reflect F5’s differing products, industries, and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.
You may also be offered incentive compensation, bonus, restricted stock units, and benefits. More details about F5’s benefits can be found at the following link: https://www.f5.com/company/careers/benefits. F5 reserves the right to change or terminate any benefit plan without notice.
Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).
Equal Employment Opportunity
It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting [email protected].
Top Skills
What We Do
F5 application services ensure that applications are always secure and perform the way they should—in any environment and on any device.
F5 (NASDAQ: FFIV) powers applications from development through their entire life cycle, across any multi-cloud environment, so our customers – enterprise businesses, service providers, governments, and consumer brands—can deliver differentiated, high-performing, and secure digital experiences.
