Senior Security Researcher Linux / MacOS - Threat & Detection

Our Mission

At Palo Alto Networks®, we’re united by a shared mission—to protect our digital way of life. We thrive at the intersection of innovation and impact, solving real-world problems with cutting-edge technology and bold thinking. Here, everyone has a voice, and every idea counts. If you’re ready to do the most meaningful work of your career alongside people who are just as passionate as you are, you’re in the right place.

Who We Are

In order to be the cybersecurity partner of choice, we must trailblaze the path and shape the future of our industry. This is something our employees work at each day and is defined by our values: Disruption, Collaboration, Execution, Integrity, and Inclusion. We weave AI into the fabric of everything we do and use it to augment the impact every individual can have. If you are passionate about solving real-world problems and ideating beside the best and the brightest, we invite you to join us!

We believe collaboration thrives in person. That’s why most of our teams work from the office full time, with flexibility when it’s needed. This model supports real-time problem-solving, stronger relationships, and the kind of precision that drives great outcomes.

Job Description

The Team

Our team is dedicated to performing and Validate PANW Cortex Security Features on multiple Operating systems including but not limited to Windows, Linux, Mac, and Cloud Workloads, simulating known threats and offensive tools to determine New features security Coverage & Detection quality across the Kill Chain /MITRE ATT&CK Framework including known and unknown threats.

Job Summary

We are seeking a highly skilled Senior Security Researcher to join our Threat and Detection Group at the Tel-Aviv R&D center.

This team focuses on PANW Cortex Security and Security Assurance features across various operating systems and platforms, including (but not limited to) Linux, Mac, and Cloud. This is an applied research role with a clear mission: your research directly improves the detection and prevention capabilities of our XDR agent.

The role involves simulating, automating, and developing proof-of-concepts for known threats and offensive tools to evaluate new feature security coverage and detection quality, aligned with the Kill Chain/MITRE ATT&CK Framework and real-world threats. We need an experienced Security Researcher with a deep background in offensive security concepts and a strong interest in Linux, Cloud, and macOS platforms.

You will conduct Linux security evaluations, research innovations to enhance our security solutions, and find innovative yet practical solutions to contemporary problems. You will also develop custom tools and advanced in-house security capabilities to continuously validate our product's defenses.

Key Responsibilities

• Work hand-in-hand with the Cortex Agent release team. This role demands applied research synchronized with our delivery schedule, ensuring that every feature release is validated against the latest threats prior to launch
• Drive our threat simulation automation strategy by researching and developing new tools and capabilities that emulate real-world adversary behavior
• Enrich our Security Automation Coverage and infrastructure to protect against known and unknown threats
• Thrive in a fast-paced, high-impact environment, mastering new security features, technologies, and complex platforms (from kernel to Kubernetes) quickly
• Conduct hands-on research to identify real-world Malware, exploits, and novel attack vectors, then create and code PoCs to test our defenses
• Act as a key research partner with engineering teams to push and validate our product capabilities.
• Leverage data-driven approaches to identify threats and propose effective mitigations
  
  

Qualifications

Required Qualifications

• 5+ years of hands-on experience in security research, offensive security, or security development
• Strong, practical development skills (Python, C, Go, Git are advantages) for automating attack tools, building PoCs, and creating testing infrastructure
• Extensive knowledge of Linux internals ("under the hood")
• Proven ability to adapt, learn quickly, and switch contexts between complex technical domains (e.g., from kernel research to cloud-native security)
• Experience with Linux eBPF and modern kernel technologies
• Experience with Linux namespaces & cgroups
• Familiarity with Managed and Unmanaged Kubernetes solutions
• Ability to work independently and as part of a team, managing fast-paced tasks and stressed time constraints while maintaining focus
  
  

Advantages

• Knowledge of Cloud Workloads such as GCP, AWS, Azure
• Strong debugging skills with various tools on different Linux platforms
• Experience with reversing tools such as IDA Pro, Strace, etc
  
  

Additional Information

Our Commitment

We’re problem solvers that take risks and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at accommodations@paloaltonetworks.com.

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.