Senior Threat Researcher

Palo Alto Networks® is the fastest-growing security company in history. We foster a culture of innovation, authenticity, and collaboration. This focus helps to advance our mission of protecting our way of life in the digital age. Our people make this possible. It’s in our everyday interactions, how we work together and treat each other, that sets Palo Alto Networks apart from other organizations. If you are a motivated, intelligent, creative, and hardworking individual, then this job is for you!

We are expanding our global security response team and seeking out experienced threat intelligence analysts, reverse engineers and security tool developers.

Palo Alto Networks has a widely deployed security platform that provides access to an immense volume of globally sourced threat data. We use this data to better protect our customers and as a source for our research to identify and adapt to adversaries, campaigns, and evolutions in the threat landscape.

The core mission of this team is to improve detection and response for our enterprise customers through applied threat intelligence. This is accomplished by combining internal and external threat data to assess and remediate gaps in the coverage and capabilities of the Palo Alto enterprise security platform.

Palo Alto Networks and the security research team believe in raising the cost of operations for the adversary by creating durable and contextually rich countermeasures. As a member of this team you will be expected to consistently strive to Automate, Innovate, and Collaborate with some of the best security minds on the planet.

The Senior Threat Researcher will focus on the identification of actively exploited vulnerabilities and post-exploitation methodologies present in hack tools, attack frameworks, targeted attack campaigns, and public POC availability. This requires a cross disciplined approach involving open source intelligence analysis, crawler and honey client deployment, and leveraging the attack telemetry returned by the Palo Alto Networks enterprise security platform. 

A strong focus on automation and scripting is desired, with expected manual analysis of newly discovered threats. Core to this role is the creation of durable detection signatures (both heuristic and byte level) as well as categorization of discovered threats.


  • Produce and test durable heuristic and byte level prevention and alerting signatures for the Palo Alto product set (IPS, Wildfire, Traps, AutoFocus, LightCyber).
  • Leverage internal and external data sources to activly hunt for new exploit detections and correlated threat campaigns and web based exploit kits.
  • Collect open source information for aggregation into our intelligence repository.
  • Analyze exploit code, vulnerabilities, and attacker tools to assess their functionality, origin and purpose.
  • Develop tools to assist with automation of collection and processing of threat data.
  • Perform coverage and capability gap analysis of the Palo Alto Product set, ensuring true positive fully contextual detections.
  • Present new research at conferences and at customer meetings as desired.
  • Respond to Requests for Information (RFIs) from our consumer organizations within Palo Alto Networks.


  • Excellent written and verbal communication skills, and experience working on remote teams.
  • Strong understanding of computer science fundamentals, specifically networking, databases and tool development.
  • Strong understanding of security operations: perimeter defense, forensics, incident response, kill chain analysis, risk assessment and security metrics.
  • Understanding of malware construction, usage and detection techniques.
  • Understanding of vulnerability discovery and severity assessment methodologies.
  • Experience developing profiles of actors and groups based on data.
  • Experience developing and deploying effective countermeasures (Yara, Snort, SIEM Correlation Rules, etc.)
  • Prior use of intelligence tools such as Maltego, Analyst’s Notebook and Palantir.
  • Prior use of malware analysis tools such as IDA Pro, Hex-Rays Decompiler, OllyDgb, Immunity Debugger and Yara.
  • Prior use of network analysis tools such as Wireshark, TCPDump and Scapy.
  • Candidates must be open to travel requirements (up to 10%).


  • BS/MS or equivalent experience required.


 We are the global cybersecurity leader, known for always challenging the security status quo. Our mission is to protect our way of life in the digital age by preventing successful cyberattacks. This has given us the privilege of safely enabling tens of thousands of organizations and their customers. Our pioneering Security Operating Platform emboldens their digital transformation with continuous innovation that seizes the latest breakthroughs in security, automation, and analytics. By delivering a true platform and empowering a growing ecosystem of change-makers like us, we provide highly effective and innovative cybersecurity across clouds, networks, and mobile devices.

Our Security Operating Platform is built for automation. It is easy to operate, with capabilities that work together, so customers can prevent successful cyberattacks. They can use analytics to automate routine tasks, so they can focus on what matters. We are known for continuously delivering innovations; and with Application Framework, we extend that to an open ecosystem of developers that benefit from our customers’ existing investment in data, sensors, and enforcement points.

Back to top