Palo Alto Networks

Staff Research Analyst (Vulnerability Research Team)

Palo Alto Networks, Santa Clara, California, US, 95053

Our Mission

At Palo Alto Networks® everything starts and ends with our mission: Being the cybersecurity partner of choice, protecting our digital way of life. Our vision is a world where each day is safer and more secure than the one before. We are built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.

Who We Are

We take our mission seriously. We are relentless in protecting our customers and believe that the unique ideas of every member contribute to our collective success. Our values are lived through disruption, collaboration, execution, integrity, and inclusion.

Job Description

The Cortex Exposure Management Scanning team is expanding, and we’re looking for a Staff Research Analyst to join our team. The team builds software that gives our customers visibility into their behind‑the‑firewall attack surface, allowing them to prioritize and remediate critical vulnerabilities.

Your Impact

Conduct vulnerability assessment research and testing, enhance automation processes, and ensure smooth workflow for identifying, validating, and mitigating customer security risks.

Develop and maintain a comprehensive, industry‑leading repository of vulnerability content for network and endpoint scanners to improve detection and mitigation.

Analyze existing solutions, identify barriers to quality, recommend changes, and implement improvements.

Participate in architecture discussions and help design solutions that meet the needs of different Cortex teams.

Collaborate with teams to solve problems, reduce technical debt, and evolve development practices; drive technical best practices and evangelize new technologies.

Contribute to projects, help move them forward, and assist with production support.

Qualifications

Some experience in vulnerability management, security research, or penetration testing.

Knowledge of TCP/IP and standard networking protocols, with experience applying them in network vulnerability scanning and asset discovery.

Familiarity with open‑source security tools such as Nuclei, OpenVAS, or Nmap.

Experience conducting vulnerability assessments on Windows, Linux, macOS, or Unix systems using agent‑based and network‑based scanners.

Knowledge of cybersecurity frameworks and vulnerability methodologies.

Experience with penetration and security assessment tools such as Metasploit, Nmap, Burp Suite, and Wireshark.

Experience contributing to public vulnerability research, submitting CVEs or creating proof‑of‑concept exploits.

Nice to Haves

Ability to switch between research, design, prototype, and implementation.

Proficiency in Python and familiarity with Java, Go, C/C++, or Rust.

Hands‑on experience configuring enterprise vulnerability‑management platforms (e.g., Nessus, Qualys, Tenable, Rapid7). Ability to interpret scan data and prioritize remediation.

Experience deploying and managing vulnerability assessment solutions to support compliance initiatives such as SOC 2 or CIS Benchmarks.

Experience with cloud‑managed services, ideally GCP.

Knowledge of distributed data stores (BigQuery, BigTable) and relational databases (PostgreSQL, MySQL).

Familiarity with patch management processes and tools (e.g., WSUS, SCCM).

Familiarity with embedded systems and mobile platforms (Android, iOS).

Understanding of network architectures, subnetting, routing, VLANs, and their impact on scanning.

Base-level cybersecurity certifications (e.g., OSCP, GPEN, Pentest+) or willingness to obtain them.

Additional Information

Compensation offered depends on qualifications, experience, and location. For this non‑sales role, the base salary ranges from $110,800 to $179,225 per year, and may include restricted stock units and a bonus. Benefits information available here.

Our Commitment

We’re problem solvers who take risks and challenge cybersecurity’s status quo. We are committed to providing reasonable accommodations for all qualified individuals with disabilities. We celebrate diversity and provide equal employment opportunities for all qualified applicants.

All your information will be kept confidential according to EEO guidelines.

Is role eligible for Immigration Sponsorship? Yes
