Senior Threat Researcher

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

About F5

Life at F5 is never dull. We are constantly identifying industry trends and disruptions, and innovating to get ahead of future customer needs. We are passionate about securing applications for our customers which include the Global and Fortune 100, federal and local government services, and many others worldwide.

But our success isn’t driven solely by what we do. We also care deeply about how we do it. At F5, our culture is how we live, every single day. And it’s producing extraordinary results-not only for our customers, but also for our employees. We understand that your life is about more than just work, so we’re committed to a culture that supports your whole life. For this role, we are offering a fully remote work arrangement with F5’s exceptional benefits.

Position Summary

F5 Labs is seeking a driven, analytical, and articulate cybersecurity researcher to join our small, focused threat research team. We’re looking for someone with a passion for uncovering trends in attacker behaviour and communicating their findings clearly to both technical and non-technical audiences.

As a Senior Cybersecurity Threat Researcher, you’ll explore sensor attack logs, uncover long-term attack trends, automate analysis, build prototypes and tools, and turn raw data into compelling narratives that educate and influence. Our team’s work supports F5’s broader marketing and thought leadership goals—not through paid services, but by sharing our expertise through public reports, articles, and tools.

This is an ideal role for someone who enjoys autonomy, can own projects from idea to publication, and is equally comfortable writing Python as they are writing a blog post or speaking on a webinar.

Primary responsibilities

• Research and analyze malicious traffic and attacker behavior across web, API, and application-layer protocols to uncover long-term patterns and emerging trends
• Build small tools, scripts, or datasets to support your research or contribute to the broader security community
• Translate complex findings into articles, reports, visuals, or presentations for a wide range of audiences
• Collaborate with a small team of researchers, engineers, and communicators to deliver timely and relevant insights
• Represent F5 Labs externally via blog posts, webinars, podcasts, media interviews, and industry events
• Support marketing and sales enablement efforts with high-impact research and commentary
• Maintain a strong understanding of offensive and defensive security practices, with a particular focus on web, API, bot, and DDoS-related threats
• Optionally, participate in proactive research efforts including honeypots, probing attacker infrastructure, and experimenting with emerging technologies like AI security

Core skills desired

• ~10 years of experience in cybersecurity or a closely related field
• Strong grasp of common web, cloud, and API protocols and their associated attack surfaces (e.g., HTTP/S, REST, OAuth, DNS, TLS, etc.)
• Experience analyzing network and application-layer telemetry to extract meaningful security insights
• Strong coding and data handling skills, especially in Python and Jupyter (SQL or BigQuery a plus)
• Excellent written, visual, and verbal communication skills, with a clear ability to tell stories with data
• A self-starter who can independently define and deliver meaningful research projects
• Public speaking experience or a willingness to represent research externally
• Enthusiastic about educating others and promoting good security practices

Bonus Points For

• Experience with bot mitigation, DDoS defense, or abuse/fraud detection
• Background in threat intelligence, red teaming, or application-layer defenses
• Understanding of AI/ML-related security topics or adversarial techniques
• Experience building or analyzing honeypots or engaging with attacker infrastructure
• Contributions to open-source projects, security blogs, or research papers

Qualifications

• BSc or equivalent experience in cybersecurity, computer science, or a related field
• Industry certifications such as CISSP, OSCP, or CEH are welcome but not required
• Experience working with security datasets and publishing externally preferred
• A visible presence in the security research community is a plus, but not required

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or@myworkday.com).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting [email protected].