People Matter

CTI Investigator



Seattle, WA, USA
Posted on Wednesday, November 29, 2023

At F5, we strive to bring a better digital world to life. Our teams empower organizations across the globe to create, secure, and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity, from protecting consumers from fraud to enabling companies to focus on innovation.

Everything we do centers around people. That means we obsess over how to make the lives of our customers, and their customers, better. And it means we prioritize a diverse F5 community where each individual can thrive.

We are looking for a Cyber Threat Intelligence Investigator (Engineer) to join our Cyber Security team in the Office of the CISO! This is a highly visible opportunity to impact both the Cyber Security organization and Product teams. You will work with internal teams, product development, F5 partners, and customers.

We'll look to you to analyze indicators to generate actionable intelligence and insight into current threats. You will provide analysis and a deep understanding of current APT actors and their TTPs. You'll be the lead investigator on casework, including legal-directed cases and security investigations. Your investigation work will include host-based forensics and serving as a technical subject matter expert when you aren't leading a case. You'll also hone your skills in scripting and light dev work to automate recurring tasks and improve the team's overall efficiency.

Lastly, you'll share a point of view and a deep understanding of network and host-based indicators and how to use them best. You'll bring a technical background and the skills to communicate clearly to be a leader on the F5 Cyber Threat Intelligence Team.

What you'll do

  • Evaluate existing methodologies and develop improved processes, tools, analytics, and infrastructure recommendations.
  • Research, assess, and report on specific cyber threat actor and adversary capabilities, motivations, and Tactics, Techniques, and Procedures (TTPs).
  • Perform strategic, tactical, and operational research and analysis of adversarial cyber threats and the geopolitical context in which they operate.
  • Correlate all-source intelligence to develop a deeper understanding of tracked threat activity.
  • Present tactical and strategic intelligence about threat groups, their methodologies, and the motivations behind their activity.
  • Work with Product groups to determine their intelligence needs and requirements.
  • Convey both verbally and in writing the importance of findings for various audiences.
  • Prepare and deliver briefings and reports to various audiences as needed.
  • Image devices (Windows, macOS, and Linux) in support of investigations.
  • Lead complex security and attorney-directed investigations under the oversight of management.
  • When you are not leading the investigation, perform host-based forensic investigation analysis as a subject matter expert.
  • Ability to work proactively with little direct oversight and take ownership to ensure success.

What you'll bring

  • 5+ years of experience in an analytical role (network forensics analyst, intelligence threat analyst, or security engineer/consultant).
  • Exceptional oral and written communication skills.
  • Excellent communication and presentation skills with the ability to present to various internal audiences, including senior executives.
  • Excellent organizational and leadership skills.
  • Outstanding communication and interpersonal abilities.
  • Proven track record of successfully managing and executing short-term and long-term projects.
  • Excellent knowledge of adversarial cyber actors, including tactics, techniques, procedures, and the adversary lifecycle or threat model.
  • Experience in evaluating host and network forensic reports of electronic media, packet capture, log data analysis, malware triage, and network devices in support of intrusion analysis, enterprise information security operations, or intelligence operations.
  • Experience working in an investigative or incident response environment.
  • Experience working with threat intelligence partners and evaluating their requirements.
  • Excellent knowledge of security solutions and technologies, including Windows, Linux, and Network architecture/implementation/configuration.
  • Experience utilizing open-source tools for analysis.
  • General understanding of technical terminology and tactics employed by cyber threat actors.
  • Understanding operations security and information security principles for conducting online research and work.
  • Ability to vet open-source regional media sources.

Bonus Points

  • Master’s or other professional degree preferred.
  • Relevant cyber security certifications, which may include CISSP, GCTI, EnCE, CCE, GCFE, or GCFA
  • Experience correlating across enormous and diverse datasets (T-SQL & NoSQL systems)
  • Experience in development involving extraction/manipulation/summarization of network data
  • Experience working closely with threat intelligence analysts to understand their workflow and analytic problems and turning those into large-scale analytics
  • Experience working within a diverse organization to gain support for your ideas
  • Reverse-engineering & binary analysis
  • Strong Windows internals - especially in the areas of event management and networking (sockets/RPC/named pipes)
  • Working competency with Linux and macOS internals, ASEPs, and memory management.
  • Strong leadership skills with the ability to prioritize and execute in a methodical and disciplined manner.
  • Ability to set and manage expectations with senior stakeholders and team members.
  • Ability to express complex concepts, including technical ones, verbally, graphically, and in writing.

The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However, the description may not be all-inclusive, and responsibilities and requirements are subject to change.

The annual U.S. base pay range for this position is: $108,970.00 - $163,454.00

F5 maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, geographic locations, and market conditions, as well as to reflect F5’s differing products, industries, and lines of business. The pay range referenced is as of the time of the job posting and is subject to change.

You may also be offered incentive compensation, bonus, restricted stock units, and benefits. More details about F5’s benefits can be found at the following link: F5 reserves the right to change or terminate any benefit plan without notice.

Please note that F5 only contacts candidates through F5 email address (ending with or auto email notification from Yello/Workday (ending with or

Equal Employment Opportunity