F5 Engineer

Tyto Athene is searching for a F5 Engineer to support our DoD customer. This position supports the Boundary Control and Access Point (BCAP) infrastructure and F5 BIG-IP application delivery platforms within a secure, classified DoD or federal government environment. The engineer will be responsible for maintaining, troubleshooting, and optimizing network boundary security controls and F5 BIG-IP systems to ensure availability, integrity, and compliance with applicable cybersecurity frameworks. The ideal candidate brings deep technical expertise in network security, load balancing, traffic management, and federal cybersecurity compliance requirements.

• →Monitor, maintain, and troubleshoot Boundary Control and Access Point (BCAP) infrastructure components including firewalls, routers, switches, and associated security appliances.
• →Perform configuration management and change control procedures for BCAP boundary devices.
• →Enforce and maintain network access control policies at the boundary to protect classified and sensitive systems.
• →Coordinate with network operations center (NOC) and security operations center (SOC) teams to investigate and resolve boundary security events.
• →Support BCAP architecture reviews, upgrades, and technology refresh activities.
• →Ensure all BCAP components are operating within approved configurations and security baselines.
• →Administer, configure, and maintain F5 BIG-IP Local Traffic Manager (LTM) and Access Policy Manager (APM) in support of secure application delivery.
• →Develop and manage F5 iRules, profiles, pools, virtual servers, and persistence configurations.
• →Perform health monitoring, performance tuning, and capacity planning for F5 BIG-IP environments.
• →Troubleshoot application delivery issues including SSL/TLS offloading, load balancing failures, and traffic policy conflicts.
• →Support F5 software upgrades, patch management, and configuration backups.
• →Integrate F5 APM with identity and access management (IAM) solutions, including CAC/PKI authentication.
• →Configure and support Common Access Card (CAC) and Public Key Infrastructure (PKI) authentication mechanisms on F5 APM and network boundary systems.
• →Coordinate with PKI administrators to manage certificates, OCSP/CRL configurations, and certificate trust chains.
• →Troubleshoot CAC authentication failures and PKI validation issues across network and application layers.
• →Support Authority to Operate (ATO) processes for BCAP and F5 systems in accordance with NIST SP 800-53 and DoD RMF requirements.
• →Develop and maintain System Security Plans (SSPs), POA&Ms, and supporting RMF documentation.
• →Implement and validate security controls and continuous monitoring requirements for boundary and application delivery systems.
• →Participate in security assessments, audits, and vulnerability remediation activities.
• →Serve as a technical escalation point for network boundary and F5-related incidents.
• →Analyze traffic captures, logs, and system events to diagnose and resolve complex issues.
• →Support incident response activities including containment, eradication, and recovery for boundary security events.
• →Maintain detailed incident records and produce after-action reports as required.
• →Develop and maintain accurate network diagrams, configuration documentation, standard operating procedures (SOPs), and runbooks.
• →Create and update technical documentation in accordance with organizational and federal standards.
• →Provide knowledge transfer and cross-training to support team members.

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field; OR equivalent combination of education and experience.
• 5+ years of experience in network engineering, network security, or systems administration within a DoD or federal government environment.
• Demonstrated hands-on experience administering F5 BIG-IP LTM and/or APM platforms.
• Working knowledge of BCAP architecture and boundary defense concepts.
• Strong understanding of TCP/IP networking, routing protocols (BGP, OSPF), VLANs, and firewall policy management.
• Experience with CAC/PKI authentication and DoD certificate management.
• Familiarity with NIST RMF processes and DoD cybersecurity compliance standards (DISA STIGs, DoD 8500/8510).
• IAT Level II certification required (CompTIA Security+, CySA+, or equivalent) per DoD 8570/8140 compliance.

• F5 Certified BIG-IP Administrator (F5-CA) or F5 Certified Technology Specialist (F5-CTS: LTM) certification.
• Experience with F5 BIG-IP DNS (GTM), Advanced Firewall Manager (AFM), or Application Security Manager (ASM/AWAF).
• Experience with Cisco ASA, Palo Alto, or Juniper firewall platforms in a BCAP or DMZ environment.
• Familiarity with SIEM platforms (Splunk, ArcSight, Elastic) for log analysis and security monitoring.
• Knowledge of cloud-based networking and hybrid cloud security architectures (AWS GovCloud, Azure Government).
• Experience with Ansible, Terraform, or other automation/infrastructure-as-code tools for network device management.
• CISSP, CCNP Security, or equivalent advanced certification.
• Prior experience working with Defense Information Systems Agency (DISA) or other DoD cybersecurity entities.

• Active DoD Secret clearance (minimum); TS/SCI preferred.