At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.
Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.
Position Summary
We are seeking a highly motivated Senior Threat Hunter & Purple Teamer. The F5 Global Cyber Defense and Intelligence Team is seeking an individual to do offense on the defense by preforming adversary emulation. You're going to work closely with our detection engineers and Cyber Threat Intelligence team to synthesize cyber threat intelligence reports and OSINT to emulate adversary TTPs in order to inform and strengthen detections.
In this role, you will play a pivotal role in safeguarding our critical infrastructure by actively hunting for threats, collaborating with security analysts to refine detection capabilities, and spearheading purple team exercises to test our security posture. You will leverage your threat hunting prowess to identify and investigate suspicious activity, analyze threat intelligence to stay ahead of emerging attacker tactics, and translate your findings into actionable security improvements. Ultimately this role supports the F5 product and enterprise security teams in making well-informed, risk-based decisions to improve overall security posture.
What you'll do
- Work independently and collaboratively with a team to both lead and support.
- Collaborate with defensive security (blue team) personnel to plan and execute purple team engagements that simulate real-world attacker behavior.
- Utilize threat hunting tools and techniques to identify and investigate suspicious activity on the network.
- Maintain and develop custom tools to automate threat hunting tasks and improve efficiency.
- Analyze threat intelligence to stay up to date on the latest attacker tactics, techniques, and procedures (TTPs).
- Present threat hunting findings to stakeholders and recommend security improvements.
- Ensure quality reports, test plans, and other deliverables are efficient and on time.
- Provide recommendations for technical security or compliance risks.
- Have the opportunity to work on developing new threat hunting methods or tools
- Operate with professionalism. Always.
- You will strengthen existing partnerships and build new ones with key organizations to deliver benefits to us and our customers.
What you'll bring
- Experience in executing threat hunts and purple team engagements on premises as well as in cloud environments.
- Working knowledge of logging query language.
- Working knowledge of living off the land in order to craft EDR evasion techniques in order to avoid detection.
- Proficiency with C2 frameworks.
- Background in Linux networking and protocols
- Ability to identify and analyze vulnerabilities in cloud configurations, applications, and services, with a focus on AWS, Azure, GCP, or OCI.
- Excellent verbal and written communication skills, including technical writing of assessment reports, presentations, and operating procedures.
- Certifications relevant to threat hunting or purple teaming (e.g., Certified Threat Hunting Professional (GCHPT), Certified Information Systems Security Professional (CISSP))
- An aptitude for leadership both through practice maturation and by mentoring junior teammates.
- Strong understanding of security principles, policies, and industry best practices.
- Minimum of 8 years’ experience in Application Security and/or Hardware Security
Bonus Points
- Experience with building custom tools for threat hunting engagements.
- Experience emulating sophisticated adversaries to include APTs and financially motivated threats.
- At least 3 years experience with logging and different query languages
- Strong working knowledge of at least two programming or scripting languages (powershell, bash, python, etc.)
- Experience with hunting in containerized environments (Docker, Kubernetes)
- Experience with traffic processing products assessment
- #LI-SS5
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).
Equal Employment Opportunity
It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting accommodations@f5.com.