Security Researcher â API Security
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
At F5 we strive to bring a better digital world to life. Our teams empower organizations across the globe to create secure and run applications that enhance how we experience our evolving digital world. We are passionate about cybersecurity from protecting consumers from fraud to enabling companies to focus on innovation.
Everything we do centers around people. That means we obsess over how to make the lives of our customers and their customers better. And it means we prioritize a diverse F5 community where each individual can thrive.
At F5 we make applications faster smarter and safer. We are seeking an experienced API Security Researcher to join our Security Threat Research this role you will help shape the future of secure applications by conducting cutting-edge research penetration testing and developing mitigation strategies for emerging API threats. You will collaborate with a dynamic highly skilled team to analyze vulnerabilities Develop and refine detection mechanisms for emerging threats and attack patterns. and enhance the security of F5 products.
Key Responsibilities:
Research emerging OWASP API Top 10 threats and evolving API security challenges to strengthen our proprietary API security solution.
Continuously analyze customer use cases and deployment scenarios to enhance and adapt our API Security Solution features.
Gather mine and interpret large-scale API traffic databoth from our internal environments and customer deploymentsto detect malicious behaviors attack patterns and zero-day vulnerabilities.
Collaborate with analytics and data science teams to translate findings into actionable improvements within our API Security Solution optimizing detection and prevention capabilities.
Design develop and maintain internal security research tools that uncover vulnerabilities in APIs and microservices ensuring these tools integrate seamlessly with our existing API Security Solution and data pipelines.
Create automated workflows to analyze API logs identify anomaly patterns and generate real-time alerts or dashboards for internal stakeholders.
Collaborate with engineering teams to incorporate research-driven enhancements into our internal tools strengthening overall API threat detection and response.
Qualifications:
Bachelors or Masters degree in Computer Science Cybersecurity or a related fieldor equivalent practical experience.
3 years of hands-on experience in API security research penetration testing or application security.
In-depth knowledge of API protocols and technologies (REST GraphQL gRPC SOAP) as well as authentication and authorization mechanisms (OAuth JWT OpenID Connect).
Familiarity with core web security principles (HTTP networking TLS) and common API security frameworks (OWASP API Security Top 10).
Proven ability to identify analyze and exploit vulnerabilities in APIs web applications and security products.
Proficiency in one or more programming/scripting languages (Python Java JavaScript etc.) for building custom security tools and POCs.
Experience with a variety of security testing tools (Burp Suite Postman OWASP ZAP AppScan WebInspect).
Ability to automate tasks and conduct data-driven analysis to detect threat patterns in large-scale API traffic logs.
Strong problem-solving skills with the ability to write clear actionable technical documentation and reports.
Proven track record of effectively communicating complex security concepts to technical and non-technical audiences.
Preferred Skills:
CEH OSCP or API-specific credentials that demonstrate deep hands-on security expertise.
Experience with WAF evasion techniques security research focused on API and web products and detailed knowledge of advanced threat techniques.
Background in threat modeling and an understanding of modern microservice designs.
Contributions to security-focused projects either proprietary or open source (e.g. internal tools automation frameworks).
Familiarity with API gateway solutions (Apigee API Connect Kong) and the ability to integrate or customize these for enhanced security.
Why F5 At F5 youll join a passionate innovative team tackling real-world security challenges. Youll work in a fast-paced environment where your research will have a direct impact on shaping the future of secure applications. If youre passionate about security innovation and solving complex problems F5 is the place to grow your career.
#LI-SS5
#LI-Hybrid
The Job Description is intended to be a general representation of the responsibilities and requirements of the job. However the description may not be all-inclusive and responsibilities and requirements are subject to change.
Please note that F5 only contacts candidates through F5 email address (ending with @) or auto email notification from Workday (ending with or @).
Equal Employment Opportunity
It is the policy of F5 to provide equal employment opportunities to all employees and employment applicants without regard to unlawful considerations of race religion color national origin sex sexual orientation gender identity or expression age sensory physical or mental disability marital status veteran or military status genetic information or any other classification protected by applicable local state or federal laws. This policy applies to all aspects of employment including but not limited to hiring job assignment compensation promotion benefits training discipline and termination. F5 offers a variety of reasonable accommodations for candidates. Requesting an accommodation is completely voluntary. F5 will assess the need for accommodations in the application process separately from those that may be needed to perform the job. Request by contacting .
Employment Type
Full-Time
