Principal Security Researcher Linux / MacOS - Threat & Detection

Our MissionAt Palo Alto Networks® everything starts and ends with our mission:Being the cybersecurity partner of choice, protecting our digital way of life.Our vision is a world where each day is safer and more secure than the one before. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.Who We AreWe believe collaboration thrives in person. That’s why most of our teams work from the office full time, with flexibility when it’s needed. This model supports real-time problem-solving, stronger relationships, and the kind of precision that drives great outcomes.Job DescriptionYour CareerWe are seeking a highly skilled Principal Security Researcher to join our Threat and Detection Group at the Tel-Aviv R&D center.This team focuses on PANW Cortex Security and Security Assurance features across various operating systems and platforms, including (but not limited to) Linux, Mac, and Cloud. This is an applied research role with a clear mission: your research directly improves the detection and prevention capabilities of our XDR agent.The role involves simulating, automating, and developing proof-of-concepts for known threats and offensive tools to evaluate new feature security coverage and detection quality, aligned with the Kill Chain/MITRE ATT&CK Framework and real-world threats. We need an experienced Security Researcher with a deep background in offensive security concepts and a strong interest in Linux, Cloud, and macOS platforms.You will conduct Linux security evaluations, research innovations to enhance our security solutions, and find innovative yet practical solutions to contemporary problems. You will also develop custom tools and advanced in-house security capabilities to continuously validate our product's defenses.Your ImpactWork hand-in-hand with the Cortex Agent release team. This role demands applied research synchronized with our delivery schedule, ensuring that every feature release is validated against the latest threats prior to launch.Drive our threat simulation automation strategy by researching and developing new tools and capabilities that emulate real-world adversary behavior.Enrich our Security Automation Coverage and infrastructure to protect against known and unknown threats.Thrive in a fast-paced, high-impact environment, mastering new security features, technologies, and complex platforms (from kernel to Kubernetes) quickly.Conduct hands-on research to identify real-world Malware, exploits, and novel attack vectors, then create and code PoCs to test our defenses.Act as a key research partner with engineering teams to push and validate our product capabilities.Leverage data-driven approaches to identify threats and propose effective mitigations.QualificationsYour Experience 5+ years of hands-on experience in security research, offensive security, or security development.Strong, practical development skills (Python, C, Go, Git are advantages) for automating attack tools, building PoCs, and creating testing infrastructure. Extensive knowledge of Linux internals ("under the hood").Proven ability to adapt, learn quickly, and switch contexts between complex technical domains (e.g., from kernel research to cloud-native security).Experience with Linux eBPF and modern kernel technologies.Experience with Linux namespaces & cgroups.Familiarity with Managed and Unmanaged Kubernetes solutions.Ability to work independently and as part of a team, managing fast-paced tasks and stressed time constraints while maintaining focus.AdvantagesKnowledge of Cloud Workloads such as GCP, AWS, Azure Strong debugging skills with various tools on different Linux platformsExperience with reversing tools such as IDA Pro, Strace, etcAdditional InformationThe TeamOur team is dedicated to performing and Validate PANW Cortex Security Features on multiple Operating systems including but not limited to Windows, Linux, Mac, and Cloud Workloads, simulating known threats and offensive tools to determine New features security Coverage & Detection quality across the Kill Chain /MITRE ATT&CK Framework including known and unknown threats.Our CommitmentWe’re problem solvers that take risks and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at accommodations@paloaltonetworks.com.Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.All your information will be kept confidential according to EEO guidelines.