Security Researcher III

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. 
 

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

Position Overview

F5 is seeking an experienced Senior Security Researcher conduct threat hunting and penetration testing for internet‑facing traffic management and security platforms that sit in front of critical applications, identities, and APIs, making them a high‑value control point for availability, performance, and security.

You will work within the Office of the CISO, partnering with cross-functional engineering, security and GRC teams to strengthen posture of large‑scale, mission‑critical systems.

Key Responsibilities

• Conduct proactive, intelligence‑driven threat hunts across endpoint, network, SaaS, and cloud data to identify activity that evades traditional security controls.
• Develop and test hunt hypotheses based on MITRE ATT&CK, adversary TTPs, emerging and stale vulnerabilities .
• Familiarity with CrowdStrike Falcon (EDR/XDR) and/or Netskope (SSE/CASB/SWG) telemetry to detect suspicious behaviors, lateral movement, and data exfiltration patterns.
• Perform deep technical analysis of intrusions, malware, and tools; reconstruct attack chains and identify root cause and detection gaps.
• Contribute to detection logic, advanced queries, and automation (e.g., Falcon queries, Netskope policies, SIEM/SOAR content) to operationalize hunt findings at scale.careers-peraton.
• Produce high‑quality written and verbal reporting, clearly explaining complex intrusions and risks to both technical and executive stakeholders.
• Partner with SOC, IR, red team, and CTI to validate prevention/detection coverage and tune controls against real‑world attack scenarios.
• Mentor junior analysts/hunters and help mature hunt methodologies, playbooks, and metrics.

Required Qualifications

• 5–8+ years of hands‑on experience in cybersecurity (Pentestng, IR, threat hunting, or threat intel), including direct ownership of complex investigations.
• Strong proficiency with at least one EDR/XDR platform, preferably CrowdStrike Falcon (queries, detections, RTR, dashboards) and/or Netskope (DLP, CASB, SWG, inline policies).
• Deep understanding of Windows and Linux internals, network protocols, and common attacker tradecraft (persistence, lateral movement, credential access, C2).
• Experience building and running hunts using SIEM/log platforms (e.g., Splunk, LogScale, Elastic, Sentinel) and writing complex queries for anomaly detection.
• Solid working knowledge of MITRE ATT&CK and its use in structuring hunts and mapping detections.
• Strong scripting/query skills (e.g., Python, PowerShell, KQL, SQL or similar) to automate analysis and hunting workflows.
• Excellent communication skills: able to turn raw telemetry and technical findings into clear recommendations and executive‑ready summaries.
• Work with a Global team with  follow the sun model, able to hand off complex work items, documentation and knowledge share for security or time bound events.

Preferred Qualifications

• Prior experience in a dedicated threat hunting, research or  Red Team at a large enterprise, MSSP, or security vendor.
• Experience investigating attacker activity in Azure, AWS, or major SaaS platforms (O365, Google Workspace, Salesforce, etc.).
• Published security research, conference talks, or public write‑ups on threats, detections, or hunt methodologies.
• Relevant certifications (e.g., GCTI, GCIA, GCFA, GNFA, GREM, OSCP, CRTO) are a plus.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination.  F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting [email protected].