At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.
Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.
We are seeking a motivated and detail-oriented Cyber Threat Intelligence Analyst to join our cybersecurity team. In this role, you will assist in collecting, analyzing, and disseminating actionable intelligence on emerging cyber threats. You will work closely with senior analysts to identify threat actors, tactics, techniques, and procedures (TTPs) and help strengthen our organization’s security posture.
Key Responsibilities:
Threat Data Collection: Gather information from open-source intelligence (OSINT), dark web sources, commercial feeds, and internal telemetry.
Analysis & Reporting: Assist in analyzing indicators of compromise (IOCs), malware samples, and threat actor behaviors to produce intelligence reports.
Monitoring & Alerting: Track global cyber threat trends and provide timely alerts on relevant developments.
Collaboration: Work with SOC, incident response, and vulnerability management teams to share actionable intelligence and support investigations.
Documentation: Maintain threat databases, update intelligence repositories, and contribute to knowledge-sharing initiatives.
Tool Utilization: Use and learn threat intelligence platforms (TIPs), SIEM tools, and other cybersecurity technologies.
Required Qualifications:
Understanding of the threat intelligence life cycle.
Ability to clearly synthesize and communicate intelligence for a variety of audiences.
Understanding of cyber threat actors TTPs and IOCs.
Bachelor’s degree in Cybersecurity, Computer Science, Information Security, or related field (or equivalent experience).
Basic understanding of networking, operating systems, and common attack vectors.
Familiarity with MITRE ATT&CK framework and threat intelligence concepts.
Comfortable with SIEM/EDR, threat intel platforms, and basic malware/PCAP triage, even if not a full reverse engineer.
Strong analytical and research skills with attention to detail.
Ability to learn new tools and platforms quickly as the tech stack and threat landscape evolve.
Excellent written and verbal communication skills.
Preferred Qualifications:
Experience with OSINT tools and techniques.
Exposure to threat intelligence platforms and threat intelligence feeds.
Certifications such as CompTIA Security+, CySA+, or GCTI (nice to have).
Technical Skills
Familiarity with SIEM platforms (e.g., Splunk, Elastic, Microsoft Sentinel) for log analysis, correlation, and IOC hunting.
Basic experience with EDR/XDR tools (e.g., CrowdStrike Falcon, Microsoft Defender, SentinelOne) to pivot on endpoint telemetry and extract IOCs.
Exposure to Threat Intelligence Platforms (TIPs) such as MISP, OpenCTI, Anomali, or Recorded Future for ingesting, enriching, and sharing threat data.
Ability to work with OSINT tooling (e.g., Maltego, SpiderFoot, Shodan, urlscan, WHOIS/IP pivoting tools) for infrastructure and attribution research.
Understanding of structured threat intel formats and standards such as STIX/TAXII, YARA, and Sigma for representing and sharing indicators and detections.
Basic malware and network traffic triage skills using tools like VirusTotal, ANY.RUN or other sandboxes, and Wireshark/PCAP viewers.
Comfort using scripting languages (preferred: Python) for data enrichment, API-based collection, and automation of repetitive analysis tasks.
Familiarity with Linux and Windows command-line utilities for log review, process and network inspection, and artifact collection.
Preferred Experience With:
One or more SIEMs: Splunk, Elastic Security, Microsoft Sentinel, QRadar.
One or more EDR/XDR tools: CrowdStrike Falcon, Microsoft Defender XDR, SentinelOne, Palo Alto Cortex.
One or more TIPs or intel repositories: MISP, OpenCTI, Recorded Future, Anomali ThreatStream, Microsoft Defender Threat Intelligence.
Common OSINT and investigation tools: Maltego, SpiderFoot, Shodan, DomainTools/WhoisXML, urlscan.io.
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.
The annual base pay for this position is: $107,200.00 - $160,800.00F5 maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, geographic locations, and market conditions, as well as to reflect F5’s differing products, industries, and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.
You may also be offered incentive compensation, bonus, restricted stock units, and benefits. More details about F5’s benefits can be found at the following link: https://www.f5.com/company/careers/benefits. F5 reserves the right to change or terminate any benefit plan without notice.
Please note that F5 only contacts candidates through F5 email address (ending with @f5.com) or auto email notification from Workday (ending with f5.com or @myworkday.com).
Equal Employment Opportunity
It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race, religion, color, national origin, sex, sexual orientation, gender identity or expression, age, sensory, physical, or mental disability, marital status, veteran or military status, genetic information, or any other classification protected by applicable local, state, or federal laws. This policy applies to all aspects of employment, including, but not limited to, hiring, job assignment, compensation, promotion, benefits, training, discipline, and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting [email protected].
