Principal Offensive Security Researcher

Our Mission

At Palo Alto Networks everything starts and ends with our mission:

Being the cybersecurity partner of choice, protecting our digital way of life.
Our vision is a world where each day is safer and more secure than the one before. We are a company built on the foundation of challenging and disrupting the way things are done, and we're looking for innovators who are as committed to shaping the future of cybersecurity as we are.

Who We Are

We take our mission of protecting the digital way of life seriously. We are relentless in protecting our customers and we believe that the unique ideas of every member of our team contributes to our collective success. Our values were crowdsourced by employees and are brought to life through each of us everyday - from disruptive innovation and collaboration, to execution. From showing up for each other with integrity to creating an environment where we all feel included.

As a member of our team, you will be shaping the future of cybersecurity. We work fast, value ongoing learning, and we respect each employee as a unique individual. Knowing we all have different needs, our development and personal wellbeing programs are designed to give you choice in how you are supported. This includes our FLEXBenefits wellbeing spending account with over 1,000 eligible items selected by employees, our mental and financial health resources, and our personalized learning opportunities - just to name a few

Your Career

We are seeking a highly skilled and self-motivated Principal Offensive Security Researcher to join our dynamic team. In this role, you will be at the forefront of our security efforts, conducting comprehensive penetration testing and research across a wide range of modern technologies. You will have the unique opportunity to test and secure our cutting-edge security products, including DSPM, Identity, CSPM, CDR, and API security solutions. This is a senior, high-impact position for an all-around expert who thrives on technical challenges and is passionate about pushing the boundaries of offensive security.

Your Impact

• Lead and execute sophisticated penetration testing engagements across diverse environments, including web applications, cloud infrastructure (AWS, etc.), Kubernetes, containers, and source code.
• Pioneer and develop innovative tools, techniques, and methodologies to simulate advanced adversaries and enhance our testing capabilities.
• Collaborate closely with product and engineering teams to provide deep technical insights, identify vulnerabilities, and strengthen the security posture of our core products.
• Conduct in-depth research on emerging threats and vulnerabilities, translating your findings into actionable intelligence and improved security controls.
• Create, deliver, and present clear, detailed, and actionable reports and findings to both technical and executive stakeholders.
• Serve as a subject matter expert and mentor to other team members, fostering a culture of continuous learning and technical excellence.
• Drive End-to-End Evaluation: Take ownership of creating and executing the end-to-end security evaluation and testing strategy for our core solutions.
• Influence the Roadmap: Your research and findings will directly influence the security roadmap and feature development of our products.

Your Experience

• Demonstrated real-world experience in offensive security, evidenced by a portfolio of public research, tool development, or conference presentations.
• Deep technical expertise in multiple of the following areas:
  • Web Application Security: Thorough understanding of the OWASP Top 10, API security, and modern web technologies.
  • Cloud Security: Proven experience performing penetration tests and security reviews of cloud environments (AWS, GCP, Azure).
  • Container & Kubernetes Security: In-depth knowledge of containerization technologies (Docker, etc.) and Kubernetes architecture and common misconfigurations.
  • Infrastructure & Network Penetration Testing: Expertise in identifying and exploiting vulnerabilities in internal and external networks.
• Proficiency with offensive security tools and frameworks (e.g., Burp Suite, Metasploit, Kali Linux, debuggers/disassemblers like IDA Pro or Ghidra).
• Strong understanding of the MITRE ATT&CK framework and other security models.
• Working knowledge of Windows & Linux operating system internals.
• Exceptional problem-solving skills and the ability to work independently and manage complex projects from start to finish.
• Excellent communication skills, with the ability to communicate highly technical findings effectively to engineers, peers, and leadership.
• Programming proficiency is highly desired. Python and Go are preferred, but experience with other languages (C, C , C#, Java, Ruby) is also valuable.
• A Bachelor's degree in a technical field is a plus, but not required.
• Industry certifications such as OSCP, OSEP, OSCE, OSEE, or GXPN are highly regarded.

The Team

We are a team of DevSecOps and cloud researchers who value curiosity, deep technical debate, and a collaborative, research-driven approach to security. We believe in open knowledge sharing and empowering our engineers to pursue innovative ideas that make a real-world impact.

Our Commitment

We're problem solvers that take risks and challenge cybersecurity's status quo. It's simple: we can't accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at [email protected].

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.