Principal Cloud Threat Intelligence Researcher (Cortex)

Company Description

Our Mission

At Palo Alto Networks® everything starts and ends with our mission:

Being the cybersecurity partner of choice, protecting our digital way of life.
Our vision is a world where each day is safer and more secure than the one before. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.

Who We Are

We take our mission of protecting the digital way of life seriously. We are relentless in protecting our customers and we believe that the unique ideas of every member of our team contributes to our collective success. Our values were crowdsourced by employees and are brought to life through each of us everyday - from disruptive innovation and collaboration, to execution. From showing up for each other with integrity to creating an environment where we all feel included.

As a member of our team, you will be shaping the future of cybersecurity. We work fast, value ongoing learning, and we respect each employee as a unique individual. Knowing we all have different needs, our development and personal wellbeing programs are designed to give you choice in how you are supported. This includes our FLEXBenefits wellbeing spending account with over 1,000 eligible items selected by employees, our mental and financial health resources, and our personalized learning opportunities - just to name a few!

Job Description

Your Career

We are looking for a threat researcher to join Cortex’s cloud threat intelligence and research team. The selected candidate will join a team of industry-leading cloud threat researchers detecting novel and emerging threat actors and groups targeting cloud environments. The candidate must have experience in threat hunting, intelligence gathering, or cloud application or platform penetration testing skills. Fundamentally, they must have a passion for cloud architecture, cloud posture management, cloud runtime monitoring and cloud detection engineering. 

The candidate will hunt, reverse, and research attacks targeting cloud workloads, containers, functions, and identity across platforms and connected SaaS applications. They must continually assess our platform’s coverage and develop ideas for improvement and strengthening. They must also maintain a constant lookout for novel and exploited vulnerabilities within cloud based applications, container platforms like Docker and Kubernetes, as well as with cloud service providers such as Google Cloud, AWS, and Azure. 

Your research and insights will make Cortex protections more robust and your experience, knowledge and insights will have the opportunity to be published on the industry leading Unit 42 blog space, as well as to present your findings at well-known cybersecurity conferences around the world. 

Your Impact

• Hunt and track cloud threat actors as they perform their operations.
• Add insight into cloud threat actors and enrich indicators from cloud environments.
• Work and publish research with Palo Alto Networks’ Unit 42.
• Build Cortex detection coverages for cloud vulnerabilities, exploits, and malware.
• Analyze a broad range of n-day vulnerabilities in cloud and container services.
• Define new features and protection mechanisms to enrich Cortex datasets.
• Hunt and analyze malware attacking cloud and container workloads.
• Support our Palo Alto Networks product and development teams with practical knowledge of cloud exploitation and post-exploitation activity.
• Support our efforts to secure Cortex and actively engage in evaluating our product security.
• Present your research in cybersecurity conferences and industry whitepapers.

Qualifications

Your Experience 

• Strong threat hunting and forensics knowledge of cloud and container platforms.
• Demonstrated proficiency of cyber threat intelligence operations.
• Ability to conceptualize, understand and replicate complex cloud attack paths.
• Clearly explain cloud attack path and exploitation techniques. e.g. IAM misuse operations, cloud application vulnerabilities, container escapes, and multi and hybrid-cloud service platform exploitation techniques.
• Public speaking and communication skills.
• Familiarity with serverless and containerization programming.
• Knowledgeable of reverse engineering and malware analysis operations.
• Familiarity with runtime monitoring applications across multiple cloud service providers.
• Bonus - Proficient reading and coding skills in Go, Rust and Python.
• Must be a puzzler and problem solver with a keen attention to detail.
• Excellent English reading comprehension and writing skills.

Nice to have:

• Cloud Forensic Experience
• Cloud Penetration Testing Experience
• Presentation and public speaking skills

Additional Information

The Team

We are a group of threat research professionals excited about making cloud, containers, and open-source cloud-based platforms and applications more secure. We strive to be the best in our field and lead the cloud threat research space. As the cloud research front for the Cortex Threat Research group, we have many responsibilities, including maintaining visibility over the latest cloud threats and vulnerabilities, developing threat hunts and detection engineering operations for these threats, resulting in the tracking of malicious cloud operations in the wild. As a threat intelligence team for Cortex, our research enriches multiple Palo Alto Networks products and teams to better protect our customer base.

#LI-ER1

Our Commitment

We’re problem solvers that take risks and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at  accommodations@paloaltonetworks.com.

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.

I'm interested

Our Commitment

We’re problem solvers that take risks and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at  accommodations@paloaltonetworks.com.

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.