Senior Application Security Researcher (Cortex Cloud)

Our Mission

At Palo Alto Networks® everything starts and ends with our mission:

Being the cybersecurity partner of choice, protecting our digital way of life.

Our vision is a world where each day is safer and more secure than the one before. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.

Who We Are

We believe collaboration thrives in person. That’s why most of our teams work from the office full time, with flexibility when it’s needed. This model supports real-time problem-solving, stronger relationships, and the kind of precision that drives great outcomes.

Job Description

Your Career

Are you fascinated by how AI and automation are fundamentally changing the way software is built? We are witnessing a shift where code is prompted and orchestrated by autonomous agents, and where the engineering environment itself has become a high-value target. We are looking for a visionary Senior Application Security Researcher to join an elite team tasked with redefining security for this new era of development.

In this role, you will be the architect of trust across the entire software lifecycle. Your mission is to research and mitigate the risks that arise when human creativity meets agentic automation. You’ll dive deep into securing the core of modern engineering—from protecting the developer's workstation and IDE against malicious extensions to ensuring the absolute integrity of the software supply chain. This is your chance to lead high-impact research that secures the future of development, from the first prompt in the IDE to the final production build.

Your Impact

• Pioneer AI-native security strategies to ensure that the new "vibe coding" frontier results in software that is architected securely from the very first prompt.
• Identify and mitigate novel attack vectors targeting coding agents and autonomous development workflows, staying steps ahead of adversaries exploiting LLM integrations.
• Evolve traditional code vulnerabilities from a "list of findings" into proactive, self-healing workflows that fix issues before they ever reach a pull request.
• Conduct deep-dive research into software supply chain vulnerabilities, ranging from CI/CD pipeline risks to the provenance of AI-suggested dependencies.
• Collaborate closely with Product and Engineering teams to bake your research findings directly into the platform’s core detection and remediation logic.
• Establish yourself as a thought leader by publishing original research, writing influential blog posts, and representing the team at major global security conferences.
  
  

Qualifications

Your Experience

• 4+ years of professional experience in application security research with a deep focus on the security of modern software architectures and development lifecycles.
• Strong understanding of fundamental code-level weaknesses and the ability to identify common patterns of insecure coding that lead to recurring risks.
• Deep knowledge of third-party ecosystem risks, including known vulnerabilities and the detection of compromised or malicious packages.
• Experience analyzing threats targeting the modern developer's workstation and environment, such as malicious IDE extensions and agentic plugin ecosystems.
• Deep understanding of modern engineering environments, including CI/CD pipelines and cloud-native development methodologies.
• Practical experience in both offensive and defensive security, allowing you to anticipate attacker behavior and translate it into robust defenses.
• A proactive problem-solver who can navigate the fast-moving AI security landscape and translate complex research into practical features for our product.
  
  

Advantages

• Previous experience in a security product company, with a strong understanding of how to translate security research into scalable product features and detection logic.
• Experience with big data platforms (e.g., GCP BigQuery, AWS Athena)
• Proficiency in multiple languages (e.g., Python, Go, JavaScript) and an understanding of how their specific security pitfalls manifest in AI-generated code and automated workflows.
• A portfolio of public-facing work, such as CVEs, whitepapers, open-source security tools, or recorded conference talks.
  
  

Additional Information

The Team

Our research team is at the core of our products and connected directly to the mission of preventing cyberattacks. We are constantly innovating - challenging the way we, and the industry, think about cybersecurity. Our researchers don’t shy away from building products to solve problems no one has pursued before.

We define the industry instead of waiting for directions. We need individuals who feel comfortable in ambiguity, excited by the prospect of a challenge, and empowered by the unknown risks facing our everyday lives that are only enabled by a secure digital environment.

Our Commitment

We’re problem solvers that take risks and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at [email protected].

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.