Senior Threat Hunter (Unit 42) Job at Palo Alto Networks
Palo Alto Networks Santa Clara, CA
Our Mission
At Palo Alto Networks® everything starts and ends with our mission:
Being the cybersecurity partner of choice, protecting our digital way of life.
We have the vision of a world where each day is safer and more secure than the one before. These aren’t easy goals to accomplish – but we’re not here for easy. We’re here for better. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.
We’re changing the nature of work. Palo Alto Networks is evolving to meet the needs of our employees now and in the future through FLEXWORK, our approach to how we work. From benefits to learning, location to leadership, we’ve rethought and recreated every aspect of the employee experience at Palo Alto Networks. And because it FLEXes around each individual employee based on their individual choices, employees are empowered to push boundaries and help us all evolve, together.
Your Career
Palo Alto Networks is seeking a Threat Researcher to join Unit 42’s Threat Analysis Unit (TAU). Threat Researchers in Unit 42 are responsible for leading and conducting research related to malware, threat actor groups and campaign activity. This position requires a cross-disciplinary approach involving intelligence collection and analysis, signature creation, and malware analysis. Core to this role is the extraction and enrichment of intelligence and observables sourced from security investigations. Finally, core to this role is digging through incident response case data to analyze malware, exploit code, campaigns, and attacker tools to assess their functionality, origin and purpose.
A strong focus of the Threat Researcher position will be on threat intelligence gathering and enrichment based on Unit 42 consulting data, signature creation for threat hunting (such as YARA rules), similarity clustering and intelligence enrichment. Additionally, a thorough understanding of the current threat landscape and emerging threats is necessary.
Your Impact
- Leverage internal and external data sources to actively hunt for malware families, threat actor group and campaign activity
- Embed into incident response investigations for intelligence extraction and analysis, providing direct benefit to our customers
- Dig through incident response case data to analyze malware, attack infrastructure, exploit code, campaigns, and attacker tools to assess their functionality, origin and purpose
- Collect open and closed source intelligence for aggregation into our intelligence repository
- Develop tools to assist with automation of collection and enrichment processing of threat data
- Perform coverage and capability gap analysis of the Palo Alto product set, ensuring true-positive, fully contextual detections
- Present new research at conferences as desired
- Respond to Requests for Information (RFIs) from our consumer organizations within Palo Alto Networks
- Act as a cross-team liaison and subject matter expert between internal Palo Alto Networks teams
- Produce and test rules for hunting and enrichment (Yara, Suricata, etc.)
- Create and produce mechanisms for reporting threat intelligence to internal Palo Alto Networks customers
Your Experience
- Excellent written and verbal communication skills, and experience working on remote teams
- Familiarity with threat intelligence platforms (TIP) and threat intelligence data structure (STIX, OpenIOC)
- Strong understanding of computer science fundamentals, specifically networking, databases and tool development
- Strong understanding of security operations - perimeter defense, forensics, incident response, kill chain analysis, risk assessment and security metrics
- Strong understanding of the attack lifecycle of different types of cyber attacks (APT, cybercrime, etc.), infrastructure lifecycle, and anonymization techniques
- Strong interpersonal skills
- Understanding of malware construction, usage and detection techniques
- Understanding of malware, campaign and actor behavior similarity clustering
- Experience in at least one of the following: Python, Ruby, PowerShell, Go, etc.
- Experience analyzing malware, extracting observables and enriching Palo Alto Networks product intelligence
- Experience developing profiles of actors and groups based on data
- Experience developing and deploying effective countermeasures (Yara, Snort, SIEM Correlation Rules, etc.)
Additional Information
Our Commitment
We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.
We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at accommodations@paloaltonetworks.com.
Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.
All your information will be kept confidential according to EEO guidelines.
The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) or base salary + commission target (for sales/commissioned roles) is expected to be between $107,100/yr and $173,250/yr. The offered compensation may also include restricted stock units and a bonus. A description of our employee benefits may be found here.