דרושים » אבטחת מידע וסייבר » Threat Intelligence Researcher- CTI

Were hiring our first Product Security Researcher (SOC & Incident Response) to join our newly formed Security Research function- a critical role for someone passionate about advancing real-world SOC operations with deep cybersecurity expertise.
We are building a world-class Security Research team that will power our advanced product with deep, actionable cybersecurity expertise. This team will serve as the Subject Matter Experts (SMEs) behind our triage and Incident Response platform, defining logic, contributing threat intelligence, building use-case coverage, and continuously optimizing detection and investigation workflows.
Youll collaborate closely with Product, Engineering, and Customer Success to ensure our Auto-Triage engine reflects the latest adversarial techniques and real-world SOC operations.
Responsibilities
Serve as a domain expert in SOC workflows, alert triage, and incident response.
Design and maintain triage logic, playbook blueprints, AI Agents and more for responding to security events.
Develop and maintain alert enrichment, correlation, and classification rules across multiple data sources (EDR, SIEM, Identity, etc.).
Collaborate with product teams to define use cases, threat coverage, and analyst workflows.
Analyze real-world alerts, telemetry, and incident data to enhance product accuracy, reduce false positives and improve incident handling.
Evaluate and curate threat intelligence feeds and sources to support automated decision-making.
Conduct post-incident reviews to extract lessons and update triage logic accordingly.
Stay current with emerging threats, attacker TTPs, MITRE ATT&CK, and other frameworks.
Assist with quality assurance, testing, and validation of triage logic before deployment.

Were hiring our first Security Researcher to join our newly formed Security Research function- a critical role for someone passionate about advancing real-world SOC operations with deep cybersecurity expertise.
We are building a world-class Security Research team that will power our advanced product with deep, actionable cybersecurity expertise. This team will serve as the Subject Matter Experts (SMEs) behind our triage and Incident Response platform, defining logic, contributing threat intelligence, building use-case coverage, and continuously optimizing detection and investigation workflows.
Youll collaborate closely with Product, Engineering, and Customer Success to ensure our Auto-Triage engine reflects the latest adversarial techniques and real-world SOC operations.
Responsibilities
Serve as a domain expert in SOC workflows, alert triage, and incident response.
Design and maintain triage logic, playbook blueprints, AI Agents and more for responding to security events.
Develop and maintain alert enrichment, correlation, and classification rules across multiple data sources (EDR, SIEM, Identity, etc.).
Collaborate with product teams to define use cases, threat coverage, and analyst workflows.
Analyze real-world alerts, telemetry, and incident data to enhance product accuracy, reduce false positives and improve incident handling.
Evaluate and curate threat intelligence feeds and sources to support automated decision-making.
Conduct post-incident reviews to extract lessons and update triage logic accordingly.
Stay current with emerging threats, attacker TTPs, MITRE ATT&CK, and other frameworks.
Assist with quality assurance, testing, and validation of triage logic before deployment.

We're looking for a Threat Detection Researcher to join the Threat Research team and spread the power of our company. In this role, you will further develop the Cloud-native Threat Detection domain.
WHAT YOULL DO
Design behavioral baselines for complex cloud environments using diverse signals, and develop high-fidelity detections based on those baselines.
Expand our company's detection engine with novel and high-impact telemetry sources, pushing the boundaries of what can be detected in modern cloud environments.
Conduct deep technical research into complex cloud services to uncover novel attack vectors.
Investigate real-world attacks across cloud environments, identity providers (IDPs), and infrastructure-as-a-service (IaaS) platforms.
Hunt and analyze emerging threats and active campaigns targeting cloud ecosystems.

Required Principal Security Researcher, Data & AI (Cortex)
Your Career
Are you passionate about using cutting-edge technology to help protect the world against cyber threats? Do you live and breathe the cyber security world? Do you want to take part in an innovative and disruptive AI security group that has an impact on many customers?
You will be part of a strong security research and data science team who solve highly complex security challenges using disruptive technologies, ML algorithms and a lot of data.
As part of that, you will take part in the design and development of new groundbreaking AI security solutions which make a direct impact on many customers.
We value diverse viewpoints and experiences, as we are solving complex cyber security challenges. We are committed to a safe and inclusive workspace.
Your Impact
Transform Data into Defense:Take the lead in creating high-fidelity security incidents from a massive stream of alerts generated by our industry-leading advanced security solutions
Innovate with AI: Actively participate in cutting-edge research projects focused on creating novel prevention content at scale using state-of-the-art AI and Large Language Models (LLMs)
Drive Security Efficacy: Analyze complex threat data to identify attacker patterns, develop new prevention methodologies, and enhance automated flows to rapidly protect Cortex platform customers
Collaborate and Lead: Work side-by-side with top-tier data scientists, engineers, and product managers to translate research ideas into tangible, customer-facing security protections.

Required Security Research Manager - Cloud - Security Automation ( Cortex)
Your Career
Are you excited about leading a team of researchers who are redefining how cloud security is automated? Do you want to shape the future of an Autonomous SOC by building the next generation of remediation and response content?
As the Cloud Cybersecurity Research Manager, you will lead a team of talented researchers creating autonomous remediation plans for cloud runtime and posture issues. You will drive innovation, mentor researchers, and ensure our automation content is precise, safe, and impactful. This role combines hands-on technical knowledge with strategic leadership, empowering your team to deliver solutions that protect customers at scale.
Your Impact
Lead and mentor a team of cloud security researchers, fostering technical excellence, innovation, and collaboration
Define research priorities and guide the design of robust, testable, and autonomous remediation plans for cloud runtime and posture issues (CSPM, DSPM, CIEM, CNAPP, IAM, etc.)
Ensure high-quality delivery of SOAR playbooks and automation content aligned with customer needs and company vision
Collaborate with product, engineering, and threat research teams to maximize the impact of remediation content
Establish processes, KPIs, and best practices to continuously improve research output, playbook quality, and operational efficiency
Stay up to date with attacker TTPs, cloud-native threats, and emerging technologies to guide team direction.

Were looking for a hands-on AI Cyber Intelligence Engineer - in the domain of network attack surface. Someone who lives and breathes network security, loves exploring how attackers move through real environments, and is excited to shape how AI can automate and extend that process.
In this role, youll analzse real-world environments, identify potential attack vectors, and work closely with our AI engineering teams to translate your domain expertise into actionable, intelligent workflows. Youll play a key role in guiding how our platform learns to think and act like a top-tier security analyst.
Responsibilities
Analyse complex network environments, configurations, and security controls to map topologies and identify weaknesses or lateral movement paths.
Research and model attacker behaviour and detection strategies, guiding how AI systems reason about threat scenarios.
Collaborate with AI engineers to shape agentic flows - defining the logic, prompts, and reasoning patterns that replicate expert investigative thinking.
Conduct hands-on assessments of enterprise networks to validate and improve automated detection and response capabilities.
Stay current on evolving attack tactics, network security technologies, and AI-driven threat detection trends.
Act as a security subject matter expert for cross-functional engineering teams.

Required Senior Security Researcher - Identity - Security Automation (Cortex)
Your Career
Are you passionate about advancing automation in identity security? Do you thrive at the intersection of research, innovation, and large-scale impact? As a Senior Security Researcher, you will drive the design of autonomous response strategies to counter identity-based threats, misconfigurations, and abuse scenarios. Your research will directly shape the Cortex platforms ability to remediate identity-driven attacks, ensuring effective, safe, and scalable automation for our customers. You will collaborate with world-class researchers and engineers to deliver on the vision of the Autonomous SOC.
Your Impact
Lead the design and implementation of robust, testable, and safe remediation playbooks for identity-related threats (e.g., privilege escalation, credential abuse, lateral movement, IAM misconfigurations).
Conduct deep research on adversary TTPs targeting identity systems and translate insights into automated detection and response mechanisms.
Drive innovation in identity security automation by applying data analysis, modeling, and programming to refine remediation strategies.
Serve as a subject-matter expert and mentor within the research group, elevating the teams overall expertise in identity security.
Stay ahead of evolving identity-based attack vectors, cloud-native identity risks, and advanced adversary tradecraft to ensure our automation keeps pace with threats.

Required Senior Technical Research Auditor (Cortex Research)
Your Career
As a Senior Technical Research Auditor for Cortex Research, you will be honing and communicating high-quality, groundbreaking cybersecurity and threat intelligence research for Palo Alto Networks XDR & XSIAM Cortex Research Department. This is a highly technical role, and a strong research/technical background is a key qualification. Your goal is to work closely with Cortex researchers and the Unit 42 publishing team to ensure our research is clearly communicated in well-produced research articles and other written, recorded and visual materials. You will also engage in communication with external vendors and industry partners. Constant collaboration with various research groups, Corporate Communications, Legal, and Content Marketing teams is essential to help raise the profile of our research and improve our brand visibility.
Your Impact
Work with researchers to ensure high-quality, accurate, well-written pieces that are ready for publication through our Threat Research Center, social media and other properties.
Assist researchers with understanding how to translate complex technical research into clear storytelling that resonates with media and other non-technical audiences.
Review and fact-check the data and claims in our threat research publications.
Weigh in on technical research topics, such as: threat intelligence, malware analysis, reverse engineering, threat hunting, threat actor attribution, cloud and identity related attacks, endpoint security, and more.
Make necessary corrections and/or coordinate with other teams to identify who can resolve outstanding issues in a piece.
Maintain awareness of when additional notification and coordination is necessary in order to responsibly disclose our findings, including vulnerabilities.
Work with the publishing team in our ongoing effort to improve our guidelines, processes and scheduling.

Were looking for a top-notch Threat Detection Researcher to join our team and spread the power of our company. In this role, you will further develop the company Runtime Sensor as part of our threat research team.
WHAT YOULL DO
Develop detections and tools to protect customers from cloud threats
Investigate attacks on cloud environments and malware targeting cloud workloads
Hunt and analyze real-world attacks and emerging cloud threats
Collaborate closely with the R&D team to transform research insights into product features
Work with customers in response to requests related to suspicious activity or potential incidents
Create best practices and security policies based on research findings
Deliver external-facing content (blog posts and talks at security conferences) based on security insights and novel research.

If you're looking for an exciting opportunity to make a significant impact and grow with a passionate team, we are the place to be.
What Youre About::
As a Security Research Engineer, you will be a driving force behind innovation, researching and prototyping the next generation of security features for our AI-native ASPM platform. This role is directly shaping the future of our product and the security industry.
You'll work on novel solution approaches to application security that go beyond traditional AppSec tooling, implementing POCs for advanced prevention, detection, triage, and remediation features.
This role combines deep security research with hands-on engineering. You'll prototype new capabilities, validate their effectiveness, and work with product and engineering teams to bring successful POCs into the platform. It requires both security expertise and strong building skills.