Principal Security Researcher - Security Automation - ITDR, Cloud (Cortex Cloud)

Company Description

Our Mission

At Palo Alto Networks® everything starts and ends with our mission:

Being the cybersecurity partner of choice, protecting our digital way of life.
Our vision is a world where each day is safer and more secure than the one before. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.

Who We Are

We take our mission of protecting the digital way of life seriously. We are relentless in protecting our customers and we believe that the unique ideas of every member of our team contributes to our collective success. Our values were crowdsourced by employees and are brought to life through each of us everyday - from disruptive innovation and collaboration, to execution. From showing up for each other with integrity to creating an environment where we all feel included.

As a member of our team, you will be shaping the future of cybersecurity. We work fast, value ongoing learning, and we respect each employee as a unique individual. Knowing we all have different needs, our development and personal wellbeing programs are designed to give you choice in how you are supported. This includes our FLEXBenefits wellbeing spending account with over 1,000 eligible items selected by employees, our mental and financial health resources, and our personalized learning opportunities - just to name a few!

Job Description

Your Career

Imagine waking up each morning knowing the automated response playbooks you engineered are actively neutralizing threats across complex cloud and enterprise environments. Our specialized team is at the forefront of security operations, transforming high-fidelity detections from areas like Cloud Security (CSPM, CIEM, DSPM), UEBA, and ITDR into intelligent, autonomous response actions. We don't just build playbooks; we research, design, and implement sophisticated automation that acts decisively, contains threats, and remediates systems at machine speed.

As a Principal Security Researcher on the team, you will be instrumental in architecting and developing these critical response automations. You'll dive deep into the nature of alerts generated from AWS, GCP, and Azure environments, as well as identity and behavior analytics systems. Your goal will be to translate your understanding of incident response best practices and attacker TTPs into robust response playbooks. If you are passionate about making security response faster, more consistent, and highly effective through automation, and you thrive on seeing your automation playbooks directly impact threat mitigation, this role is for you.

Your Impact

• Design & Develop Response Playbooks: Architect, build, test, and deploy sophisticated automated response playbooks. These playbooks will respond to alerts from diverse detection sources, including Cloud Security (CSPM, CIEM, DSPM), User and Entity Behavior Analytics (UEBA), and Identity Threat Detection and Response (ITDR) systems.
• Deep Dive into Detections: Thoroughly analyze and understand the alerts and detection logic from various security tools and platforms to ensure response automations are precise, effective, and context-aware.
• Cloud Automation Expertise: Implement response actions that leverage APIs and native automation capabilities within AWS, GCP, and Azure to contain threats, remediate misconfigurations, and restore security posture.
• Incident Response Logic: Automate best-practice incident response procedures into workflows, covering containment, eradication, and recovery steps where appropriate.
• Research & Innovation in Automation: Stay ahead of the latest trends in security automation, SOAR capabilities, and cloud-native response techniques to continuously enhance the team's playbook portfolio.
• Data-Driven Refinement: Utilize telemetry and feedback loops to measure the effectiveness of response playbooks and iteratively improve their performance and coverage.
• Collaboration: Work closely with detection engineering teams to understand their detections and ensure playbooks meet operational requirements.
• Stay Updated: Maintain expert knowledge of APTs, attacker methodologies, and TTPs to ensure automated responses remain effective against evolving threats.

Qualifications

Your Experience 

• Extensive experience in cybersecurity, with a strong emphasis on security operations, incident response, or security automation.
• Proven, hands-on experience designing, developing, and maintaining security automation playbooks or SOAR workflows.
• Experience in Python or other Programming languages, specifically for security automation, and API integration.
• Deep understanding of incident response methodologies and best practices.
• Strong familiarity with the security landscape, common vulnerabilities, and threat vectors relevant to cloud environments (AWS, GCP, or Azure) and enterprise systems.
• Experience working with APIs from various security tools (e.g., SIEM, EDR, CSPM, identity providers) and cloud platforms.
• Ability to analyze alerts and telemetry from security solutions to determine appropriate automated response actions.
• A critical thinker with exceptional problem-solving skills, meticulous attention to detail, and a proactive approach to security challenges.
• Independent and a collaborative team player.
• Experience in Cloud detection engineering research.

Advantages:

• Experience as a senior SOC analyst (e.g., Tier 2/3) with direct experience handling and resolving incidents that could be automated.
• Deep background in Incident Response, with a keen understanding of how to streamline and automate IR processes.
• Experience in offensive security (e.g., penetration testing, red teaming), providing insights into how attackers operate and thus how to automate defenses against them.

Additional Information

The Team

Our research team is at the core of our products and connected directly to the mission of preventing cyberattacks. We are constantly innovating — challenging the way we, and the industry, think about cybersecurity. Our researchers don’t shy away from building products to solve problems no one has pursued before.

We define the industry instead of waiting for directions. We need individuals who feel comfortable in ambiguity, excited by the prospect of a challenge, and empowered by the unknown risks facing our everyday lives that are only enabled by a secure digital environment.

Our Commitment

We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at accommodations@paloaltonetworks.com.

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.

Our Commitment

We’re problem solvers that take risks and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at  accommodations@paloaltonetworks.com.

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.