Palo Alto Principal Product Security Researcher - InfoSec 

United States, California 

284073055

Being the cybersecurity partner of choice, protecting our digital way of life.

Your Career

These days, the threat landscape is fluid and always changing. Cyber bad-actors are constantly finding new and diabolically creative ways to get to your data and there’s just no telling what door they’ll knock on next. As a Principal Product Security Researcher, you will be helping Palo Alto Networks in a high visibility role to stay ahead of the curve in addressing these latest threats, overseeing vulnerability response and remediation across all of Palo Alto Networks offerings.

Your Impact

• Research security vulnerabilities identified in our products or cloud offerings
• Work with exceptional security professionals from across the company as well as across the industry
• Provide guidance to ensure appropriate vulnerability remediation: assist with developing and reviewing defensive solutions
• Lead and collaborate with stakeholders across the company and beyond including executives, engineering, infosec, privacy, legal, support, sales, customers, security researchers, and industry partners
• Work with a growth mindset and learn about the latest trends in cybersecurity
• Publish security advisories to provide clarity and guidance to customers regarding security concerns

Your Experience

• Experience with secure programming concepts
• Experience with Linux, Operating System Concepts, Networking, Cloud computing
• Good understanding of web/application security threats and defenses (code injection, XSS, etc.,)
• Experience handling product security crisis situations such as breaches or 0-days
• Familiarity with OWASP guidelines. Participation in Capture the Flag (CTF) events, a local OWASP chapter, or similar security-focused communities is a plus
• Familiarity with agile software development/continuous integration/automation
• Excellent written and verbal communication skills
• Strong analytical and problem-solving skills, ability to work independently
• Ability to lead and collaborate across functional teams as well as external partners, security researchers, and other security teams
• An existing public blog entry on a technical issue, comment on a mailing list or open-source issue, or other technical comments on social media that illustrates the ability to communicate complex security topics would be a plus
• Demonstrated experience (such as academic projects) in Javascript, NodeJS, Java, C. Relational and NoSQL databases. Ability to read and understand multiple programming languages would be a plus
• Experience in a red/blue/purple team would be a plus

Education

• BS or MS Degree in Engineering or Computer Science related to computer security, application security, information security, network security, or cryptography or equivalent military experience required

Compensation Disclosure

The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) or base salary + commission target (for sales/commissioned roles) is expected to be between $162000/yr - $263000/yr. The offered compensation may also include restricted stock units and a bonus. A description of our employee benefits may be found .

All your information will be kept confidential according to EEO guidelines.