At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.
Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.
Join a high-impact team using cutting-edge security technologies and practices to protect F5’s enterprise and product environments. As a Senior Security Engineer / Threat Hunter, you will lead strategic initiatives, develop technical solutions, and drive continuous improvements in our cyber defense capabilities. You’ll be a key player in threat hunting, incident response, proactive detection, and digital forensics across cloud and on‑prem environments.
Key Responsibilities
- Lead threat hunting engagements for the Global Cyber Security Detections and Investigations team across enterprise and product environments.
- Lead and guide team members in threat hunting and digital forensics practices, including mentoring and upskilling efforts.
- Perform proactive threat hunting and host/cloud forensics (AWS, Azure, GCP, Linux, Windows, macOS), including acquisition and analysis of endpoint, network, and cloud artifacts.
- Conduct technical security assessments, including static/dynamic analysis, threat modeling, and forensic reconstruction of attack timelines.
- Automate manual processes to reduce operational toil and improve response times, including automation of common forensic and hunting workflows.
- Collaborate with SRE, Architecture, and Operations teams to implement security standards and controls informed by hunting and forensic findings.
- Utilize security tooling (EDR, NG‑SIEM, SOAR, DLP, vulnerability scanners, posture management) to detect, investigate, and contain threats.
- Advise stakeholders on secure design principles and security best practices based on observed attacker behaviors and forensic investigations.
- Maintain and improve security runbooks and documentation, including incident response, threat hunting, and DFIR playbooks.
- Stay current on emerging threats, CVEs, attacker TTPs, and industry trends and apply them to hunting and forensic techniques.
- Follow F5 information security policies and protect information assets from unauthorized access, disclosure, modification, destruction, or interference.
- Perform other related duties as assigned.
- Follow the F5 behaviors.
Required Skills & Experience
- 8+ years in cybersecurity, including hands**‑**on threat hunting, digital forensics and incident response (DFIR), and security engineering.
- Proven experience designing and executing hypothesis‑driven threat hunts across endpoints, networks, and cloud environments, and operationalizing findings into new detections or controls.
- Demonstrated hands-on experience performing endpoint and cloud forensics (for example, disk and memory acquisition, log and artifact analysis, timeline reconstruction) during investigations.
- Strong experience with SIEM and NG‑SIEM platforms (e.g., CrowdStrike Falcon, Splunk, Microsoft Sentinel), SOAR, and EDR/XDR tools as primary data sources for hunting.
- Deep understanding of MITRE ATT&CK and threat actor TTPs, and ability to translate them into hunt hypotheses, queries, and forensic pivot points.
- Proficiency in scripting or utilizing automation tools (Python, PowerApps, Power Automate, or similar) to automate hunting and forensic data collection, enrichment, and reporting.
- Hands-on experience with cloud security (AWS, Azure, GCP) and infrastructure as code (Terraform, Ansible).
- Solid grasp of UNIX/Linux systems, networking protocols, and firewall architecture.
- Experience with vulnerability management, penetration testing, and secure architecture design.
- Excellent communication skills with ability to interface across technical and non‑technical stakeholders and clearly convey hunt findings and investigative outcomes.
Preferred Qualifications
- Certifications: GCIH, GCFR, GCFA, or equivalent SANS DFIR / threat hunting training.
- Experience with ServiceNow, ADO, or similar ticketing/case management systems.
- Familiarity with container orchestration (Kubernetes, Docker) and CI/CD pipelines.
- Exposure to FedRAMP, eDiscovery, and DLP casework.
- Strong interpersonal skills and a collaborative mindset.
- Ability to lead and mentor junior engineers and analysts in threat hunting and DFIR methodologies.
- Ability to drive strategic long‑term initiatives with cross‑org leaders.
- Ability to effectively present technical investigations, threat hunts, and recommendations to executive leadership.
Work Environment
- Full-time position with potential for shift flexibility.
- Requires scheduled on‑call work outside core business hours (early mornings, evenings, weekends, holidays) shared with the larger team.
- Duties performed at a desk or computer station; remote collaboration across time zones.
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or** @myworkday.com)****.**
Equal Employment Opportunity
It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.