Sr Staff Research Analyst – Vulnerability Research Team

Company: Palo Alto Networks
Location: Santa Clara, CA, USA
Salary: Not Provided
Type: Full-Time
Experience Level: Senior

Requirements

  • 4+ years of experience in vulnerability management, security research, or penetration testing
  • Strong understanding of TCP/IP and common networking protocols (e.g., HTTP, FTP, SSH, SNMP), with practical experience applying this knowledge in the context of network-based vulnerability scanning and asset discovery
  • Familiarity with common open source security software such as Nuclei, OpenVAS, or Nmap
  • Experience authoring and conducting vulnerability assessments on one or more operating system platforms (Windows, Linux, macOS, or Unix-based) using agent-based and network-based scanning tools
  • Knowledge of cybersecurity frameworks and vulnerability methodologies
  • Familiarity with current penetration and security assessment tools such as Metasploit, Nmap, Burp Suite, Wireshark, etc.
  • Cybersecurity knowledge demonstrated with base-level certifications (e.g., OSCP, GPEN, or PenTest+) or willingness to obtain them
  • Experience contributing to public vulnerability research, submitting CVEs or creating proof-of-concept exploits

Responsibilities

  • Conduct vulnerability assessment research and testing, enhance automation processes, and ensure a smooth workflow for identifying, validating and mitigating customer security risks
  • Develop and maintain a comprehensive, industry-leading repository of vulnerability content for network- and endpoint-based scanners to enhance detection and mitigation strategies
  • Analyze existing solutions, identify barriers to quality, recommend changes, and then implement them
  • Take part in architecture strategy sessions; design solutions that accommodate the requirements of the various groups across Cortex
  • Collaborate with teams to solve problems, reduce technical debt, and evolve development practices. Drive technical best practices and evangelize new technologies within the engineering organization
  • Mentor other researchers and ensure that your team delivers high-quality output
  • Take ownership of projects, drive them to completion, and support them in production

Preferred Qualifications

  • Able to switch between research, design, prototype, and implementation
  • Proficient in Python. Familiar with, or eager to learn, Java, Golang, C/C++, or Rust
  • Hands-on experience configuring, tuning and troubleshooting enterprise vulnerability-management platforms (e.g., Nessus, Qualys, Tenable, Rapid7) and interpreting scan data to validate and prioritize remediation
  • Experience deploying and managing vulnerability assessment solutions (agent-based and network-based) to support compliance initiatives such as SOC 2 or CIS Benchmarks, including policy configuration, scan scheduling, and evidence generation for audits
  • Experience using cloud managed services (ideally in GCP)
  • Familiarity with distributed data stores, such as BigQuery and BigTable, as well as relational databases such as PostgreSQL and MySQL
  • Familiarity with patch management processes and tools (e.g., WSUS or SCCM) and knowledge of how vulnerabilities are remediated
  • Familiarity with embedded systems and mobile platforms (e.g., Android and iOS)
  • Knowledge of network architectures; understanding of subnetting, routing, and how VLANs work and affect network scanning