Senior Principal Researcher (Unit 42) - job 1 of 2

Our Mission

At Palo Alto Networks® everything starts and ends with our mission:

Being the cybersecurity partner of choice, protecting our digital way of life.
Our vision is a world where each day is safer and more secure than the one before. We are a company built on the foundation of challenging and disrupting the way things are done, and we’re looking for innovators who are as committed to shaping the future of cybersecurity as we are.

Who We Are

This role is remote, but distance is no barrier to impact. Our hybrid teams collaborate across geographies to solve big problems, stay close to our customers, and grow together. You will be part of a culture that values trust, accountability, and shared success where your work truly matters.

We are seeking a Senior Principal, Cyber Threat Intelligence on our Fusion Intelligence Team (FIT), which is part of the Intel Response Unit within our broader Unit 42 Threat Intelligence organization. FIT’s mission is to conduct accelerated threat intelligence collection and analysis with a focus on pivoting from open-source intelligence to internal holdings to contextualize, cluster, and develop insights into emerging and ongoing threat activity. You will have the opportunity to collaborate with world-class researchers and engineers across Palo Alto Networks, ensuring high caliber intelligence drives additional cyber threat intel research, consultant engagements, customer and executive insights, and product integrations.

Your Impact

As a Senior Principal Researcher on the Fusion Intelligence Team, your primary responsibilities will include:

1. Leverage unique data holdings and partner across teams: Harness the full weight of the company's unique data holdings, including product telemetry, front line Incident Response (IR) data, and partner information. Utilize these resources to produce and communicate the most unique and valuable insights, enhancing the effectiveness and differentiation of our threat intelligence capabilities. Produce Intelligence Bulletins, Threat Briefs, and other sharable content based on unique findings derived from the team’s analysis. Partner with other research and product teams to build joint capabilities and ensure findings are leveraged to the full extent.

2. Accelerate OSINT fusion: Integrate open source technical sources with other available data to build a more complete cyber threat intelligence picture. Conduct accelerated analysis to enhance the organization's threat intelligence knowledge repository and bolstering our knowledge of threat activity to drive threat actor attribution. Ensure continuous updates to threat actor, industry, region, and malware profiles. Enhance team workflows to improve the scalability and effectiveness of the team's analytical capabilities.

3. Lead Technical Projects: Lead innovative projects within the team and across Unit 42 that drive forward the efficiency and effectiveness of the mission. Work directly with Unit 42 engineering to improve team workflows and processes.

4. Contribute to external engagement: Amplify Unit 42 presence and credibility in the marketplace through thought leadership, including via speaking engagements, publishing threat research.

5. Leverage AI for Analytic Workflows: Integrate Generative AI, NotebookLM, and other artificial intelligence and machine learning solutions across all phases of the intelligence lifecycle to improve analytic workflows. Use and develop new AI solutions to reduce research toil, query existing intelligence holdings, and accelerate report and presentation creation.

6. Mentor and Review Technical Analysis. Leverage your expertise to mentor other researchers and support the growth of overall team capabilities. In partnership with the FIT team manager, act as an authority for review of team products ensuring technical accuracy and alignment to strategic vision.

Your Experience 

• Expert technical experience in Cyber Threat Intelligence including actionable knowledge of cyber adversary groups, tactics, and techniques, malware analysis, and hunting methodologies. 

• Strong experience with hypergraph modeling and clustering process-level details within the context of threat activity. 

• Ability to contextualize cyber events, identify how the events fit into a current or historical pattern, the impact on an industry or organization, and tailored defensive recommendations.

• Ability to leverage multiple telemetry types and intelligence sources to generate unique insights into potential threats and associate malicious activity.

• Highly organized with the ability to manage multiple tasks, prioritize effectively, and triage competing demands in a fast-paced environment.

• Strong writing and presentation skills, with the ability to effectively communicate complex threat intelligence information to diverse audiences.

• Proficiency in developing and maintaining scripts to streamline intelligence workflows, enhance efficiency, and improve data accuracy. 

• Familiarity with Vertex Synapse preferred.

• Experience with prompt engineering and leveraging Google’s AI capabilities to support development of intelligence products.

• Bachelor’s Degree or equivalent military experience - an advanced degree such as MS is a plus.

The Team

Unit 42 brings together our world-renowned threat researchers with an elite team of security consultants to create an intelligence-driven, response ready organization. The Unit 42 Threat Intelligence team provides threat research that enables security teams to understand adversary intent and attribution, while enhancing protections offered by our products and services to stop advanced attacks. As threats escalate, Unit 42 is available to advise customers on the latest risks, assess their readiness, and help them recover when the worst occurs.

Compensation Disclosure

The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) or base salary + commission target (for sales/commissioned roles) is expected to be between $188000 - $304050/YR. The offered compensation may also include restricted stock units and a bonus. A description of our employee benefits may be found here.

Our Commitment

We’re problem solvers that take risks and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at  [email protected].

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.