Senior Threat Researcher

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.  Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.About F5Life at F5 is never dull. We are constantly identifying industry trends and disruptions, and innovating to get ahead of future customer needs. We are passionate about securing applications for our customers which include the Global and Fortune 100, federal and local government services, and many others worldwide.But our success isn’t driven solely by what we do. We also care deeply about how we do it. At F5, our culture is how we live, every single day. And it’s producing extraordinary results-not only for our customers, but also for our employees. We understand that your life is about more than just work, so we’re committed to a culture that supports your whole life. For this role, we are offering a fully remote work arrangement with F5’s exceptional benefits.Position SummaryF5 Labs is seeking a driven, analytical, and articulate cybersecurity researcher to join our small, focused threat research team. We’re looking for someone with a passion for uncovering trends in attacker behaviour and communicating their findings clearly to both technical and non-technical audiences.As a Senior Cybersecurity Threat Researcher, you’ll explore sensor attack logs, uncover long-term attack trends, automate analysis, build prototypes and tools, and turn raw data into compelling narratives that educate and influence. Our team’s work supports F5’s broader marketing and thought leadership goals—not through paid services, but by sharing our expertise through public reports, articles, and tools.This is an ideal role for someone who enjoys autonomy, can own projects from idea to publication, and is equally comfortable writing Python as they are writing a blog post or speaking on a webinar.Primary responsibilitiesResearch and analyze malicious traffic and attacker behavior across web, API, and application-layer protocols to uncover long-term patterns and emerging trendsBuild small tools, scripts, or datasets to support your research or contribute to the broader security communityTranslate complex findings into articles, reports, visuals, or presentations for a wide range of audiencesCollaborate with a small team of researchers, engineers, and communicators to deliver timely and relevant insightsRepresent F5 Labs externally via blog posts, webinars, podcasts, media interviews, and industry eventsSupport marketing and sales enablement efforts with high-impact research and commentaryMaintain a strong understanding of offensive and defensive security practices, with a particular focus on web, API, bot, and DDoS-related threatsOptionally, participate in proactive research efforts including honeypots, probing attacker infrastructure, and experimenting with emerging technologies like AI securityCore skills desired~10 years of experience in cybersecurity or a closely related fieldStrong grasp of common web, cloud, and API protocols and their associated attack surfaces (e.g., HTTP/S, REST, OAuth, DNS, TLS, etc.)Experience analyzing network and application-layer telemetry to extract meaningful security insightsStrong coding and data handling skills, especially in Python and Jupyter (SQL or BigQuery a plus)Excellent written, visual, and verbal communication skills, with a clear ability to tell stories with dataA self-starter who can independently define and deliver meaningful research projectsPublic speaking experience or a willingness to represent research externallyEnthusiastic about educating others and promoting good security practicesBonus Points ForExperience with bot mitigation, DDoS defense, or abuse/fraud detectionBackground in threat intelligence, red teaming, or application-layer defensesUnderstanding of AI/ML-related security topics or adversarial techniquesExperience building or analyzing honeypots or engaging with attacker infrastructureContributions to open-source projects, security blogs, or research papersQualificationsBSc or equivalent experience in cybersecurity, computer science, or a related fieldIndustry certifications such as CISSP, OSCP, or CEH are welcome but not requiredExperience working with security datasets and publishing externally preferredA visible presence in the security research community is a plus, but not required#LI-SS5The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).Equal Employment OpportunityIt is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination.  F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.