Sr Principal/Principal Windows Malware Security Researcher (Cortex)

Our Mission

At Palo Alto Networks®, we’re united by a shared mission—to protect our digital way of life. We thrive at the intersection of innovation and impact, solving real-world problems with cutting-edge technology and bold thinking. Here, everyone has a voice, and every idea counts. If you’re ready to do the most meaningful work of your career alongside people who are just as passionate as you are, you’re in the right place.

Who We Are

In order to be the cybersecurity partner of choice, we must trailblaze the path and shape the future of our industry. This is something our employees work at each day and is defined by our values: Disruption, Collaboration, Execution, Integrity, and Inclusion. We weave AI into the fabric of everything we do and use it to augment the impact every individual can have. If you are passionate about solving real-world problems and ideating beside the best and the brightest, we invite you to join us!

We believe collaboration thrives in person. That’s why most of our teams work from the office full time, with flexibility when it’s needed. This model supports real-time problem-solving, stronger relationships, and the kind of precision that drives great outcomes.

Job Summary

We are looking for a Windows Malware Security Researcher for our Tel Aviv R&D center. You will be part of a team that is responsible for researching the most recent and advanced cybersecurity threats, as well as designing, developing, and improving Anti-Malware capabilities to protect against them. The position includes researching OS internals, picking apart malware samples, delving into the internals of Windows kernel and user-mode code, and finding ways to mitigate new attack vectors.

The proposed role will be part of the research team of the Cortex XDR endpoint protection solution.

We are seeking a highly skilled and experienced Windows Malware Security Researcher to join our growing Windows malware research team of the Cortex XDR agent group. In this role, you will play a key part in enhancing our Endpoint Detection and Response (EDR) agent by prototyping new protection components and techniques and developing advanced malware prevention strategies. You will work on identifying, analyzing, and mitigating sophisticated threats, working closely with various teams to drive innovation. A deep understanding of the Windows operating system is essential.

Key Responsibilities

• Playing a pivotal role in shaping the future of our security solutions.
• Enhance the effectiveness of our EDR product by designing cutting-edge protection components and developing sophisticated prevention rules.
• Researching OS internals and how Windows works under the hood - leveraging this knowledge to develop and improve our anti-malware mechanisms and capabilities.
• Research and lead novel protection ideas to production-grade level, serving as the feature subject matter expert.
• Research new malware and APT mitigation techniques and develop corresponding capabilities (POC level), or improve existing mitigation capabilities.
• Respond to malware-based security events at clients' networks.
• Stay up to date with current malware and APT techniques.
• Provide feedback to the product management team on new feature requests and product enhancements from our customer base.
• Find new malware techniques and APT attacks, including analysis of caught-in-the-wild malware.
• Operate independently end-to-end - from initial threat idea, through research and POC, to handing off a production-ready design to core agent engineering with clear specs, test cases, and edge-case analysis.
• Be a team player who lifts others up - happy to jump in when a teammate is stuck on a tricky Windows internals or RE question, share what you've figured out, and generally make the people around you better.
  
  

Qualifications

Required Qualifications

• At least 5 years of experience in the cyber security research domain.
• In-depth knowledge of Windows operating system internals (both user-mode and kernel-mode) - at least 3 years of hands-on research experience.
• In-depth knowledge of C/C++, with hands-on development experience using C/C++ (Win32 API) in a Windows environment.
• Experience with anti-RE techniques such as anti-debug, anti-VM, unpacking, etc.
• Strong knowledge of the cyber threat landscape, including APTs (Advanced Persistent Threats) and modern malware techniques.
• Strong dynamic analysis skills with hands-on experience using debuggers such as WinDbg, x64dbg, OllyDbg, or similar.
• Strong static analysis skills with hands-on experience using disassemblers such as IDA Pro and Ghidra.
• Proficiency in Python.
• Knowledge of networking and internet protocols.
• A major advantage to candidates with at least 2 years of experience in at least one of the following: EDR/XDR products, Windows kernel development, low-level security solution development, Windows exploitation, or vulnerability research.
• Ability to work fully independently - own a research track from scoping to POC handoff with minimal supervision - while also collaborating effectively as part of a team.
• Strong problem-solving skills with a passion for innovation, sharp attention to detail, and a bias for taking initiative on hard problems.
• Comfortable working under pressure, juggling competing priorities, and delivering against tight deadlines.
  
  

Our Commitment

We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at [email protected].

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.

Is role eligible for Immigration Sponsorship? No. Please note that we will not sponsor applicants for work visas for this position.