Sr. Threat Researcher (Security Research)
Palo Alto Networks® is the fastest-growing security company in history. We offer the chance to be part of an important mission: ending breaches and protecting our way of digital life. If you are a motivated, intelligent, creative, and hardworking individual, then this job is for you!
The core mission of this team is to improve detection and response for our enterprise customers through applied threat intelligence.
This is accomplished by combining internal and external threat data to assess and remediate gaps in the coverage and capabilities of the Palo Alto enterprise security platform.
Palo Alto Networks, and the security research team believe in raising the cost of operations for the adversary by creating durable and contextually rich countermeasures.
As a member of this team you will be expected to consistently strive to Automate, Innovate, and Collaborate with some of the best security minds on the planet.
The Senior Threat Researcher will focus on the identification of actively exploited vulnerabilities and post-exploitation methodologies present in hack tools, attack frameworks, targeted attack campaigns, and public POC availability. This requires a cross disciplined approach involving open source intelligence analysis, crawler and honey client deployment, and leveraging the attack telemetry returned by the Palo Alto Networks enterprise security platform.
A strong focus on automation and scripting is desired, with expected manual analysis of newly discovered threats. Core to this role is the creation of durable detection signatures (both heuristic and byte level) as well as categorization of discovered threats.
- Produce and test durable heuristic and byte level prevention and alerting signatures for the Palo Alto product set (IPS, Wildfire, Traps, AutoFocus, LightCyber).
- Leverage internal and external data sources to activly hunt for new exploit detections and correlated threat campaigns and web based exploit kits.
- Collect open source information for aggregation into our intelligence repository.
- Analyze exploit code, vulnerabilities, and attacker tools to assess their functionality, origin and purpose.
- Develop tools to assist with automation of collection and processing of threat data.
- Perform coverage and capability gap analysis of the Palo Alto Product set, ensuring true positive fully contextual detections.
- Present new research at conferences and at customer meetings as desired.
- Respond to Requests for Information (RFIs) from our consumer organizations within Palo Alto Networks.
- Excellent written and verbal communication skills, and experience working on remote teams.
- Strong understanding of computer science fundamentals, specifically networking, databases and tool development.
- Strong understanding of security operations: perimeter defense, forensics, incident response, kill chain analysis, risk assessment and security metrics.
- Understanding of malware construction, usage and detection techniques.
- Understanding of vulnerability discovery and severity assessment methodologies.
- Experience developing profiles of actors and groups based on data.
- Experience developing and deploying effective countermeasures (Yara, Snort, SIEM Correlation Rules, etc.)
- Prior use of intelligence tools such as Maltego, Analyst’s Notebook and Palantir.
- Prior use of malware analysis tools such as IDA Pro, Hex-Rays Decompiler, OllyDgb, Immunity Debugger and Yara.
- Prior use of network analysis tools such as Wireshark, TCPDump and Scapy.
- Candidates must be open to travel requirements (up to 10%).
- BS/MS or equivalent experience required.
Meet Some of Palo Alto Networks's Employees
VP, Supply Chain Operations
Vonnie oversees the end-to-end supply chain for the manufacture and delivery of Palo Alto Networks’ hardware, ensuring that customers receive outstanding products in a timely manner.
Back to top