Principal Security Researcher Linux / Macos - Threat & Detection

Principal Security Researcher Linux / MacOS - Threat & Detection

We are seeking a highly skilled Principal Security Researcher to join our Threat and Detection Group at the Tel-Aviv R&D center.

This team focuses on PANW Cortex Security and Security Assurance features across various operating systems and platforms, including (but not limited to) Linux, Mac, and Cloud. This is an applied research role with a clear mission: your research directly improves the detection and prevention capabilities of our XDR agent.

The role involves simulating, automating, and developing proof-of-concepts for known threats and offensive tools to evaluate new feature security coverage and detection quality, aligned with the Kill Chain/MITRE ATT&CK Framework and real-world threats. We need an experienced Security Researcher with a deep background in offensive security concepts and a strong interest in Linux, Cloud, and macOS platforms.

You will conduct Linux security evaluations, research innovations to enhance our security solutions, and find innovative yet practical solutions to contemporary problems. You will also develop custom tools and advanced in-house security capabilities to continuously validate our product's defenses.

Your impact includes:

• Work hand-in-hand with the Cortex Agent release team. This role demands applied research synchronized with our delivery schedule, ensuring that every feature release is validated against the latest threats prior to launch.
• Drive our threat simulation automation strategy by researching and developing new tools and capabilities that emulate real-world adversary behavior.
• Enrich our Security Automation Coverage and infrastructure to protect against known and unknown threats.
• Thrive in a fast-paced, high-impact environment, mastering new security features, technologies, and complex platforms (from kernel to Kubernetes) quickly.
• Conduct hands-on research to identify real-world Malware, exploits, and novel attack vectors, then create and code PoCs to test our defenses.
• Act as a key research partner with engineering teams to push and validate our product capabilities.
• Leverage data-driven approaches to identify threats and propose effective mitigations.

Your experience includes:

• 5+ years of hands-on experience in security research, offensive security, or security development.
• Strong, practical development skills (Python, C, Go, Git are advantages) for automating attack tools, building PoCs, and creating testing infrastructure.
• Extensive knowledge of Linux internals ("under the hood").
• Proven ability to adapt, learn quickly, and switch contexts between complex technical domains (e.g., from kernel research to cloud-native security).
• Experience with Linux eBPF and modern kernel technologies.
• Experience with Linux namespaces & cgroups.
• Familiarity with Managed and Unmanaged Kubernetes solutions.
• Ability to work independently and as part of a team, managing fast-paced tasks and stressed time constraints while maintaining focus.

Advantages include:

• Knowledge of Cloud Workloads such as GCP, AWS, Azure
• Strong debugging skills with various tools on different Linux platforms
• Experience with reversing tools such as IDA Pro, Strace, etc

Our team is dedicated to performing and validating PANW Cortex Security Features on multiple operating systems including but not limited to Windows, Linux, Mac, and Cloud Workloads, simulating known threats and offensive tools to determine new features security coverage & detection quality across the Kill Chain/MITRE ATT&CK Framework including known and unknown threats.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at accommodations@paloaltonetworks.com.

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.