Principal Threat Researcher - macOS and Linux (Cortex)

Company Description

Our Mission

At Palo Alto Networks® everything starts and ends with our mission:

Being the cybersecurity partner of choice, protecting our digital way of life.
Our vision is a world where each day is safer and more secure than the one before. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.

Who We Are

We take our mission of protecting the digital way of life seriously. We are relentless in protecting our customers and we believe that the unique ideas of every member of our team contributes to our collective success. Our values were crowdsourced by employees and are brought to life through each of us everyday - from disruptive innovation and collaboration, to execution. From showing up for each other with integrity to creating an environment where we all feel included.

As a member of our team, you will be shaping the future of cybersecurity. We work fast, value ongoing learning, and we respect each employee as a unique individual. Knowing we all have different needs, our development and personal wellbeing programs are designed to give you choice in how you are supported. This includes our FLEXBenefits wellbeing spending account with over 1,000 eligible items selected by employees, our mental and financial health resources, and our personalized learning opportunities - just to name a few!

Job Description

Your Career

Palo Alto Networks, Cortex XDR research is looking for a Principal Threat Researcher for its Tel Aviv R&D center.

The team is in charge of maintaining an up-to-date overview of the threat landscape, with emphasis on two main focus areas - cybercrime and nation-state APT research. The team conducts a proactive research using Palo Alto’s vast telemetry in combination of external sources, to uncover unknown malware, TTPs, campaigns, and threat actors. The insights gleaned from the research are then translated into actionable intelligence deliverables to improve the overall product coverage. In addition, the team publishes many of its findings in Palo Alto’s Unit42 blog. 

Your Impact

• Track and monitor the security threat landscape, using various information sources to raise flags for gaps and to improve security coverage. 
• Reverse engineer and analyze malware and hack tools used by various threat actors. 
• Discovering new behavioral anomalies and TTPs used by threat actors and assisting in creating relevant mitigations. 
• Write threat intelligence reports and blogs (Technical English fluency - is a must!) 
• Present your research in internal and international security conferences. 
• Work closely with other domestic and international research teams to collect and disseminate threat intelligence and improve the overall product’s security coverage.

Qualifications

Your Experience

• 5+ years of experience as a threat researcher, intelligence analyst, malware analyst, reverse engineer, threat hunter or incident responder/DFIR.
• Familiarity with advanced topics and experience in malware analysis, threat hunting, long-term threat tracking, and attribution.
• 3+ years of reverse engineering macOS and Linux malware
• Presented research in international security conferences - advantage.
• Intimate knowledge and understanding of attack methods and TTPs over endpoints and enterprise solutions (EDR/XDR/XIAM).
• Good command of networking and authentication protocols, architecture and security concepts. 
• Coding experience with Python, including writing scripts for IDA Pro.
• Experience using BigQuery or other SQL-based querying languages.
• Experience using git - advantage.
• High proficiency in English, both verbal and written - a must. 
• Proven experience in technical writing, including a record of published security blogs - a must.
• Ability to work in a dynamic, fast-moving, and demanding environment.
• Independent and team player, critical thinker.
• Ability to summarize complex data and explain it in simple terms that can be understood by both technical and less-technical audiences.

Additional Information

The Team 

The infrastructure team is a part of the Cortex Platform group. it is a highly technical and multidisciplinary team. The team is detached from the product roadmap, as we are fully dedicated to backend infra - developing shared components, tackling high-scale infrastructure issues, monitoring tools, setting the bar for technical acumen, and making our group developer experience better. You will get the chance to work closely with DevOps teams, Pipeline teams, dev teams (in and out of the group), and automation teams all in which to make the Platform Group (and others) work better.

#LI-ER1

Our Commitment

We’re problem solvers that take risks and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at  accommodations@paloaltonetworks.com.

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.

Our Commitment

We’re problem solvers that take risks and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at  accommodations@paloaltonetworks.com.

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.