Senior Security Data Engineer

About the role

The Senior Security Data Engineer is responsible for designing, building, and operating data pipelines that ingest and integrate security and IT operations data from CrowdStrike, ServiceNow, raw log sources, and Nimbus storage into enterprise data platforms that feed Tableau dashboards, metrics, and alerting. This role sits at the intersection of security operations and data engineering, partnering closely with Security Operations, Threat Intelligence, and ITSM teams to deliver reliable, trusted data for investigations, reporting, and automation.

Responsibilities

• Design, implement, and maintain scalable data pipelines for ingesting logs and events from CrowdStrike, ServiceNow, and other security/IT systems into centralized storage and analytics platforms.
• Build and manage robust API-based integrations (REST/JSON) to collect data from CrowdStrike Falcon APIs, ServiceNow APIs, and other SaaS tools on scheduled and near real-time cadences.
• Develop ETL/ELT processes to clean, normalize, and join disparate data sources (raw logs, ticketing, endpoint telemetry, CMDB) into curated security-domain datasets optimized for analytics and reporting.
• Model and maintain schemas, views, and tables that serve as the foundation for Tableau dashboards, KPIs, SLA reporting, and security metrics.
• Implement alerting logic and data structures that support operational dashboards supporting alerting and monitoring based on combined CrowdStrike, ServiceNow, Nimbus and log data.
• Design and automate secure, reliable data transfer workflows between 3rd party API's, storage solutions (e.g., object storage, data warehouses, databases) using scripting and orchestration tools.
• Create and maintain reusable scripts and frameworks for data collection, transformation, data quality checks, and pipeline monitoring.
• Monitor data quality, completeness, and timeliness; implement validation, observability, and self-healing mechanisms for pipelines.
• Collaborate with security engineers, incident responders, and analysts to understand use cases and translate them into data models, metrics, dashboards, and automated alerting.
• Provide technical leadership and mentorship, code review, and mentoring for junior engineers and analysts working on data and automation initiatives.
• Required Skills and Experience
• 5-7+ years of experience in data engineering, analytics engineering, or similar roles, preferably in a security or IT operations environment.
• Strong proficiency in Python and SQL for complex queries, Log parsing & normalization (SIEM pipelines), SOAR automation, Threat intel ingestion.
• Advanced experience with Python for building ETL/ELT jobs, API integrations, data quality checks, and automation frameworks.
• Bash and Shell for CI/CD security checks, Incident response scripts System-level data collection and Automation across environments
• Solid experience with REST APIs and JSON, including authentication, pagination, error handling, and rate limiting.
• Hands-on experience integrating data from security platforms (ideally CrowdStrike Falcon) and ITSM tools (ideally ServiceNow) into data warehouses or analytics platforms.
• Experience designing data models and pipelines to support BI tools, preferably Tableau (extracts, performance tuning, data source design).
• Strong scripting experience (e.g., Bash and/or PowerShell) to automate data movement, file handling, and integration of tasks across storage systems and platforms.
• Demonstrated experience automating data transfer between Nimbis storage and other storage platforms (e.g., cloud object storage, on-prem storage, or data lakes), including scheduling, monitoring, and error handling.
• Familiarity with workflow orchestration tools (e.g., Airflow, Prefect, dbt, or cloud-native equivalents).
• Knowledge of security/SOC concepts (incidents, detections, tickets, CMDB/asset data, log types) and how they map into analytics, alerting, and reporting.
• Strong understanding of data engineering best practices: version control, CI/CD for data, code review, testing, and documentation.
• Preferred but optional Qualifications
• Experience with modern cloud data warehouses (e.g., Snowflake, BigQuery, Azure Synapse, Redshift) or traditional RDBMS used as Tableau backends.
• Experience working with log storage and SIEM or data lake platforms.
• Rust for Secure systems programming, Memory safety for agents & parsers and Growing in security tooling
• Background security operations, threat hu

Additional Information

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at ffive? Share your experience