Being the cybersecurity partner of choice, protecting our digital way of life.
Your Career
We’re looking for a Staff Security Researcher for Cortex Xpanse’s Security Research Engineering team. You will be responsible for the creation, validation and deployment of vulnerability signatures and protocol payloads which will be used by our scanning infrastructure to understand what vulnerabilities are exposed across customer networks. You will also be responsible for creating new policies, which encode risky device configurations as code that is run over observations from our global scanning data. You will be a key member of a team that proactively sources vulnerabilities and misconfigurations from newly discovered CVEs and responds to Xpanse customer requests.
Your Impact
- Contribute to Xpanse’s critical vulnerability response by implementing the necessary vulnerability signatures and payloads to detect presence of critical CVEs while effectively communicating with the Xpanse team, across the Cortex business unit, and across Palo Alto Networks
- Research trending threats and develop proof of concepts to detect presence of confirmed and inferred vulnerabilities
- Research and develop fingerprints that can help Xpanse identify and structure more and more types of services running on the global Internet
- Proactively add customer-requested policies and implement protocol payloads while minimizing false positives & false negatives
- Research emerging vulnerability threats on the global Internet and contribute to Cortex Research blogs/publications
Your Experience
- Bachelor's degree in Computer Science, Data Science, Engineering, or other technical discipline (or equivalent professional or military experience) - We don’t look for a specific number of years of experience, but typically people who are successful at Staff level positions are early to mid-level in their careers
- High level knowledge of network security vulnerabilities, CVSS scoring and exploit techniques
- Familiarity with one or more programming languages (Java, Python, Go, Bash)
- Ability to concisely communicate complex subject matter to technical and non-technical audiences
- Ability to work independently as a researcher as well as part of larger cross-functional teams
Nice to have, but not required
- Experience with SQL and Regex
- Prior experience performing open-ended security research and showcasing externally via blogs and publications
- Hands-on experience in security research/systems security/network security
We define the industry instead of waiting for directions. We need individuals who feel comfortable in ambiguity, excited by the prospect of a challenge, and empowered by the unknown risks facing our everyday lives that are only enabled by a secure digital environment.
Compensation Disclosure
The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) or base salary + commission target (for sales/com-missioned roles) is expected to be between $107,400/yr to $173,800/yr. The offered compensation may also include restricted stock units and a bonus. A description of our employee benefits may be found .
Please note that we will not sponsor applicants for work visas for this position.
All your information will be kept confidential according to EEO guidelines.
