Principal/Senior Security Researcher -- Agentic Endpoint Security(Cortex)

paloaltonetworks · Koi Security Ltd
Full time · No · Koi Security Ltd

About this role

Our Mission

At Palo Alto Networks®, we’re united by a shared mission—to protect our digital way of life. We thrive at the intersection of innovation and impact, solving real-world problems with cutting-edge technology and bold thinking. Here, everyone has a voice, and every idea counts. If you’re ready to do the most meaningful work of your career alongside people who are just as passionate as you are, you’re in the right place.

Who We Are

In order to be the cybersecurity partner of choice, we must trailblaze the path and shape the future of our industry. This is something our employees work at each day and is defined by our values: Disruption, Collaboration, Execution, Integrity, and Inclusion. We weave AI into the fabric of everything we do and use it to augment the impact every individual can have. If you are passionate about solving real-world problems and ideating beside the best and the brightest, we invite you to join us!

We believe collaboration thrives in person. That’s why most of our teams work from the office full time, with flexibility when it’s needed. This model supports real-time problem-solving, stronger relationships, and the kind of precision that drives great outcomes.

Job Summary

We are seeking a Principal/Senior Security Researcher to lead proactive research into emerging abuse patterns across agentic and modern endpoint environments. This includes browser extensions, SaaS- and web-delivered code, autonomous agents, MCPs and related tooling, and other forms of non-binary software that do not fit neatly into a traditional malware-focused model.

In this role, you will define and drive independent research initiatives rather than simply respond to predefined queues. You will conduct deep technical investigations, including reverse engineering, telemetry analysis, controlled experimentation, and data-driven validation, and translate your findings into actionable outcomes for the product. These may include detection concepts with clear success criteria, recommendations for new telemetry or platform behavior, and concise technical narratives for engineering, product, executive, or customer-facing audiences.

You will act as a senior research partner to engineering and product leadership, helping shape priorities around what to instrument, what to build, what to retire, and how to reason about ambiguous signals in production environments. The role requires strong technical judgment, strategic thinking, and the ability to turn complex research into evidence-backed product impact.
 

Key Responsibilities

  • Define and execute proactive research programs: novel attack surfaces (e.g., browser extensions, SaaS-delivered code, autonomous agents, MCP/tooling ecosystems), long-horizon threats, and systemic gaps in visibility or detection.

  • Perform deep technical analysis beyond routine triage: reverse engineering, behavioral modeling, data-driven hypothesis testing, and rigorous validation of findings at scale.

  • Set direction for how research translates into product and detection: prioritization frameworks, threat models, evaluation criteria, and standards of evidence for shipping high-impact changes.

  • Partner with senior engineering and product stakeholders to shape roadmap, telemetry, and architecture informed by research; influence design tradeoffs before issues appear in the field.

  • Lead complex, ambiguous investigations end-to-end and synthesize conclusions for executive and customer-facing audiences when stakes are high.

  • Represent the team through high-quality technical artifacts (e.g., in-depth publications, conference-quality work, or equivalent internal briefings) that establish external and internal credibility.

Qualifications

Required Qualifications

  • At least 4-5 years in cybersecurity with a track record of principal-level ownership in security research, threat research, threat intelligence, detection engineering, incident response, or a closely related discipline: self-directed programs, technical leadership on hard problems, and sustained impact on product or operations.

  • Demonstrated depth in offensive tradecraft and how it manifests in modern endpoint, SaaS/browser, or adjacent telemetry, not limited to commodity malware workflows.

  • Strong hands-on technical skills: scripting for analysis (e.g., Python), SQL, analysis with investigative query languages, and low-level inspection of behaviors and artifacts appropriate to principal-level research.

  • Proven ability to initiate research from weak signals or open questions, not only execute on predefined queues; comfort operating with incomplete data and tightening rigor over time.

  • Excellent written and verbal communication; ability to persuade cross-functional partners and explain strategic tradeoffs among threat coverage and detection quality, false positives, analyst and engineering workload, and system performance at scale.

  • Experience collaborating with senior engineering and product leaders to land complex changes; judgment on when to ship, when to instrument further, and when to stop a line of inquiry.

Our Commitment

We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at accommodations@paloaltonetworks.com.

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.

Is role eligible for Immigration Sponsorship? No. Please note that we will not sponsor applicants for work visas for this position.

Frequently Asked Questions

Is the salary disclosed for the Principal/Senior Security Researcher -- Agentic Endpoint Security(Cortex) position at paloaltonetworks?
The salary for this Principal/Senior Security Researcher -- Agentic Endpoint Security(Cortex) role at paloaltonetworks is not publicly listed. Click "Apply Now" to learn more about the compensation package on their official careers page.

Where is the Principal/Senior Security Researcher -- Agentic Endpoint Security(Cortex) position at paloaltonetworks located?
This Principal/Senior Security Researcher -- Agentic Endpoint Security(Cortex) role at paloaltonetworks is based in Office - Israel - Tel Aviv. The position is listed as on-site or hybrid. Check the full job description or apply directly to confirm the work arrangement.

Is the Principal/Senior Security Researcher -- Agentic Endpoint Security(Cortex) role at paloaltonetworks full-time or part-time?
This is listed as a Full time position. It is posted as a Principal/Senior Security Researcher -- Agentic Endpoint Security(Cortex) role in the Koi Security Ltd department at paloaltonetworks.

Which team or department does the Principal/Senior Security Researcher -- Agentic Endpoint Security(Cortex) at paloaltonetworks belong to?
This Principal/Senior Security Researcher -- Agentic Endpoint Security(Cortex) position is part of the Koi Security Ltd department at paloaltonetworks. See the full job description for more information about the team structure and responsibilities.

How do I apply for the Principal/Senior Security Researcher -- Agentic Endpoint Security(Cortex) position at paloaltonetworks?
Click the "Apply Now" button on this page. You will be redirected to paloaltonetworks's official application portal hosted on Workday where you can submit your application directly.