Sr. Security Researcher

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation. 
 

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

Senior Security Researcher

At F5, we make apps faster, smarter, and safer. Come work within the security threat research group in an exciting, fast paced environment. Our team is performing the analysis of the latest security threats, detection and mitigation of our security solutions, as well as pen testing of F5 products. The team works in an intensive environment and is constantly updated with the latest modern technologies. Come and join the best in their field!

Position Summary:

Being a part of a highly experienced Security Research team, while specializing in web vulnerabilities analysis, threat intelligence and Honeynet projects. The team is handling the research of vulnerabilities and malware, evolving threats analysis, development and updates of attack signatures and product-hacking.

Responsibilities:

• Researching web frameworks and servers to identify and understand emerging threats.
• Examining and replicating newly disclosed web application vulnerabilities.
• Focusing on WAF (Web Application Firewall) evasion techniques to preemptively bypass our defenses before hackers can.
• Creating innovative proof of concept solutions for advanced threats and continuously refining attack signatures, all in collaboration with development teams to enhance the WAF product using our research findings.
• Gathering web security intelligence from blogs, forums, conferences, and academic papers.
• Building tools and infrastructure for analyzing attacks.
• Composing and distributing insights through blogs, reports, and presenting at security conventions.
• Periodically performing security efficacy assessments on a variety of products, including WAFs, API security solutions, application security scanners, and machine learning models, to verify and improve their defense capabilities.

Qualifications:

• At least 2 years of experience in analyzing real web attacks or web exploitation, with a strong preference for more extensive experience.
• A deep knowledge of networking fundamentals, the HTTP protocol, web servers, and the inner workings of web applications is essential.
• Experience in tracking emerging web vulnerabilities in real-time.
• Experience in building research infrastructure and Python-based tools.
• Experience with creating and comprehending Regular Expressions for detailed pattern matching and security-related data analysis.
• In-depth knowledge of security principles, theories, and recognized attack vectors.
• Experience in creating attack signatures, such as with tools like SNORT. - Advantage
• Analyzing binary malware and malicious scripts. - Advantage
• Knowledge in web development (front and back end). - Advantage

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

F5 maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, geographic locations, and market conditions, as well as to reflect F5’s differing products, industries, and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.

You may also be offered incentive compensation, bonus, restricted stock units, and benefits. More details about F5’s benefits can be found at the following link: https://www.f5.com/company/careers/benefits. F5 reserves the right to change or terminate any benefit plan without notice. 

Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).

Equal Employment Opportunity

It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination.  F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting [email protected].