Senior Threat Researcher
- Santa Clara, CA, USA
- Employees can work remotely
- Department: Engineering
At Palo Alto Networks® everything starts and ends with our mission:
Being the cybersecurity partner of choice, protecting our digital way of life.
We have the vision of a world where each day is safer and more secure than the one before. These aren’t easy goals to accomplish – but we’re not here for easy. We’re here for better. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.
Palo Alto Networks is seeking a Threat Researcher to join Unit 42’s Threat Analysis Unit (TAU). Threat Researchers in Unit 42 are responsible for leading and conducting research related to malware, threat actor groups and campaign activity. This position requires a cross-disciplinary approach involving intelligence analysis and collection, signature creation, and malware analysis. Core to this role is the creation of durable detection signatures (both heuristic and byte-level) as well as categorization of discovered threats.
A strong focus of the Threat Researcher position will be on malware analysis and behavior detection, signature creation for threat hunting (such as YARA rules), and similarity clustering. Additionally, a thorough understanding of the current threat landscape and emerging threats is necessary.
Unit 42 is the global threat intelligence team at Palo Alto Networks® and a recognized authority on cyberthreats, frequently sought out by enterprises and government agencies around the world. Our analysts are experts in hunting and collecting unknown threats as well as completely reverse-engineering malware using code analysis. With this expertise, we deliver high-quality, in-depth research that provides insight into the tools, techniques, and procedures threat actors execute to compromise organizations.
- Leverage internal and external data sources to actively hunt for malware families, threat actor groups and campaign activity.
- Collect open and closed source intelligence for aggregation into our intelligence repository.
- Develop tools to assist with automation of collection and enrichment processing of threat data.
- Perform coverage and capability gap analysis of the Palo Alto Networks product set, ensuring true positive, fully contextual detections.
- Present new research at conferences as desired.
- Respond to Requests for Information (RFIs) from our consumer organizations within Palo Alto Networks.
- Act as a cross-team liaison and subject matter expert between internal Palo Alto Networks teams.
- Dig through large-scale data to analyze malware, exploit code, campaigns, and attacker tools to assess their functionality, origin and purpose.
- Research the implementation of new technologies to enhance Palo Alto Networks products.
- Produce and test rules for hunting and enrichment (YARA, Suricata, etc.).
- Create and produce mechanisms for reporting threat intelligence to internal Palo Alto Networks customers.
- Excellent written and verbal communication skills, and experience working on remote teams.
- Strong understanding of computer science fundamentals, specifically networking, databases and tool development.
- Strong understanding of security operations: perimeter defense, forensics, incident response, kill chain analysis, risk assessment and security metrics.
- Strong interpersonal skills.
- Understanding of malware construction, usage and detection techniques.
- Understanding of malware, campaign and actor behavior similarity clustering.
- Experience in at least one of the following: Python, Ruby, PowerShell, Go, etc.
- Experience analyzing malware, extracting observables and enriching Palo Alto Networks product intelligence.
- Understanding of malware collection.
- Experience developing profiles of actors and groups based on data.
- Experience developing and deploying effective countermeasures (YARA, Snort, SIEM correlation rules, etc.).
- BS/MS in Computer Science or a related field preferred.
Our engineering team is at the core of our products – connected directly to the mission of preventing cyberattacks. We are constantly innovating – challenging the way we, and the industry, think about cybersecurity. Our engineers don’t shy away from building products to solve problems no one has pursued before.
We define the industry, instead of waiting for directions. We need individuals who feel comfortable in ambiguity, excited by the prospect of a challenge, and empowered by the unknown risks facing our everyday lives that are only enabled by a secure digital environment.
We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.
We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at [email protected]
Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.
All your information will be kept confidential according to EEO guidelines.