Conduct proactive, intelligence‑driven threat hunts across endpoint, network, SaaS, and cloud data to identify activity that evades traditional security controls.
Develop and test hunt hypotheses based on MITRE ATT&CK, adversary TTPs, and both newly disclosed and older, still-exploited vulnerabilities.
Use CrowdStrike Falcon (EDR/XDR) and/or Netskope (SSE/CASB/SWG) telemetry to detect suspicious behaviors, lateral movement, and data exfiltration patterns.
Perform deep technical analysis of intrusions, malware, and tools; reconstruct attack chains and identify root cause and detection gaps.
Contribute to detection logic, advanced queries, and automation (e.g., Falcon queries, Netskope policies, SIEM/SOAR content) to operationalize hunt findings at scale.
Produce high‑quality written and verbal reporting, clearly explaining complex intrusions and risks to both technical and executive stakeholders.
Partner with SOC, IR, red team, and CTI to validate prevention/detection coverage and tune controls against real‑world attack scenarios.
Mentor junior analysts/hunters and help mature hunt methodologies, playbooks, and metrics.
Requirements
5–8+ years of hands‑on experience in cybersecurity (pentesting, IR, threat hunting, or threat intel), including direct ownership of complex investigations.
Strong proficiency with at least one EDR/XDR platform, preferably CrowdStrike Falcon (queries, detections, RTR, dashboards) and/or Netskope (DLP, CASB, SWG, inline policies).
Deep understanding of Windows and Linux internals, network protocols, and common attacker tradecraft (persistence, lateral movement, credential access, C2).
Experience building and running hunts using SIEM/log platforms (e.g., Splunk, LogScale, Elastic, Sentinel) and writing complex queries for anomaly detection.
Solid working knowledge of MITRE ATT&CK and its use in structuring hunts and mapping detections.
Strong scripting/query skills (e.g., Python, PowerShell, KQL, SQL or similar) to automate analysis and hunting workflows.
Excellent communication skills: able to turn raw telemetry and technical findings into clear recommendations and executive‑ready summaries.
Tech Stack
Cloud
Cyber Security
Linux
Python
Splunk
SQL
Benefits
F5 offers a variety of reasonable accommodations for candidates.
Requesting an accommodation is completely voluntary.