Principal Product Security Researcher – Infosec
| Company | Palo Alto Networks |
|---|---|
| Location | Santa Clara, CA, USA |
| Salary | Not Provided |
| Type | Full-Time |
| Degrees | |
| Experience Level | Senior, Expert or higher |
Requirements
- Experience with secure programming concepts
- Experience with Linux, Operating System Concepts, Networking, Cloud computing
- Good understanding of web/application security threats and defenses (code injection, XSS, etc.)
- Experience handling product security crisis situations such as breaches or 0-days
- Familiarity with OWASP guidelines
- Familiarity with agile software development/continuous integration/automation
- Excellent written and verbal communication skills
- Strong analytical and problem-solving skills, ability to work independently
- Ability to lead and collaborate across functional teams as well as external partners, security researchers, and other security teams
- Demonstrated experience (such as academic projects) in JavaScript, Node.js, Java, and C, and with relational and NoSQL databases
- Ability to read and understand multiple programming languages
- Experience in a red/blue/purple team
Responsibilities
- Research security vulnerabilities identified in our products or cloud offerings
- Work with exceptional security professionals from across the company as well as across the industry
- Provide guidance to ensure appropriate vulnerability remediation: assist with developing and reviewing defensive solutions
- Lead and collaborate with stakeholders across the company and beyond including executives, engineering, infosec, privacy, legal, support, sales, customers, security researchers, and industry partners
- Work with a growth mindset and learn about the latest trends in cybersecurity
- Publish security advisories to provide clarity and guidance to customers regarding security concerns
Preferred Qualifications
- Participation in Capture the Flag (CTF) events, a local OWASP chapter, or similar security-focused communities is a plus
- An existing public blog entry on a technical issue, comment on a mailing list or open-source issue, or other technical comments on social media that illustrates the ability to communicate complex security topics would be a plus
- Experience in a red/blue/purple team would be a plus