דרושים » אבטחת מידע וסייבר » Senior Threat Hunting Researcher (Unit 42)

The Cyber Threat Intelligence Hunter will sit within Unit 42 Managed Threat Hunting and support proactive, intelligence-led hunting across customer environments. This role combines hands-on threat hunting with cyber threat intelligence analysis, helping multinational organizations stay one step ahead of adversaries and cyber threats.
Key Responsibilities
Analyze public and private threat intelligence, Unit 42 research, adversary campaigns, malware activity, infrastructure, indicators, and TTPs.
Translate threat intelligence into actionable hunting hypotheses, investigation workflows, hunting queries, and customer-facing findings.
Execute existing threat hunting reports and hunting workflows, investigate results, and support timely customer reporting.
Investigate scheduled hunt detections and compose clear, professional reports when relevant.
Investigate hunting leads based on IOCs, threat intelligence, internal detections, customer telemetry, and emerging adversary behaviors.
Monitor the threat landscape and prepare initial context for emerging campaigns, enabling the global team to continue deeper investigation and hunting.
Collaborate with threat hunters, detection engineers, incident responders, MDR, and Unit 42 researchers to operationalize intelligence quickly and effectively.
Escalate major, unclear, or high-impact security events to the Threat Hunting leadership team when necessary.
Provide ongoing feedback on findings, hunting reports, queries, intelligence workflows, and operational processes to support continuous improvement.

The Cortex Threat Intelligence team is responsible for maintaining an up-to-date overview of the ever-changing threat landscape and its effects on the Cortex product suite. This includes the collection, analysis, and dissemination of technical threat intelligence from multiple internal and external sources. As part of this role, you will identify detection opportunities, automate threat intelligence processes, and develop tools and methodologies to increase team productivity. Palo Alto Networks Cortex XDR is a market-leading platform with an almost unparalleled telemetry data lake. Our team is deeply data-driven; it is the ideal environment for analysts who are enthusiastic about data mining, tracking threat actors, and deconstructing complex cyberattacks.
Key Responsibilities
Monitor the global threat landscape using diverse sources to proactively identify potential coverage gaps and improve Cortex XDRs defensive posture.
Perform in-depth research into cyberattack techniques to provide actionable insights and suggestions for improving product capabilities.
Leverage Palo Alto Networks telemetry datasets to identify emerging attack patterns and hunt for novel threats.
Design and propose robust detection logic across multiple operating systems (Windows, macOS, Linux).
Partner with cross-functional teams within Palo Alto Networks to communicate findings and co-develop security enhancements.
Transform technical intelligence into high-impact deliverables, including customer-facing reports, research articles for the company blog, or presentations at international security conferences.

The Cortex Threat Intelligence team is responsible for maintaining an up-to-date overview of the ever-changing threat landscape and its effects on the Cortex product suite. This includes the collection, analysis, and dissemination of technical threat intelligence from multiple internal and external sources. As part of this role, you will identify detection opportunities, automate threat intelligence processes, and develop tools and methodologies to increase team productivity. Palo Alto Networks Cortex XDR is a market-leading platform with an almost unparalleled telemetry data lake. Our team is deeply data-driven; it is the ideal environment for analysts who are enthusiastic about data mining, tracking threat actors, and deconstructing complex cyberattacks.
Key Responsibilities
Monitor the global threat landscape using diverse sources to proactively identify potential coverage gaps and improve Cortex XDRs defensive posture.
Perform in-depth research into cyberattack techniques to provide actionable insights and suggestions for improving product capabilities.
Leverage Palo Alto Networks telemetry datasets to identify emerging attack patterns and hunt for novel threats.
Design and propose robust detection logic across multiple operating systems (Windows, macOS, Linux).
Partner with cross-functional teams within Palo Alto Networks to communicate findings and co-develop security enhancements.
Transform technical intelligence into high-impact deliverables, including customer-facing reports, research articles for the company blog, or presentations at international security conferences.

The Cortex Threat Intelligence team is responsible for maintaining an up-to-date overview of the ever-changing threat landscape and its effects on the Cortex product suite. This includes the collection, analysis, and dissemination of technical threat intelligence from multiple internal and external sources. As part of this role, you will identify detection opportunities, automate threat intelligence processes, and develop tools and methodologies to increase team productivity. our company's Cortex XDR is a market-leading platform with an almost unparalleled telemetry data lake. Our team is deeply data-driven; it is the ideal environment for analysts who are enthusiastic about data mining, tracking threat actors, and deconstructing complex cyberattacks.
Key Responsibilities
Monitor the global threat landscape using diverse sources to proactively identify potential coverage gaps and improve Cortex XDRs defensive posture.
Perform in-depth research into cyberattack techniques to provide actionable insights and suggestions for improving product capabilities.
Leverage our company's telemetry datasets to identify emerging attack patterns and hunt for novel threats.
Design and propose robust detection logic across multiple operating systems (Windows, macOS, Linux).
Partner with cross-functional teams within our company to communicate findings and co-develop security enhancements.
Transform technical intelligence into high-impact deliverables, including customer-facing reports, research articles for the company blog, or presentations at international security conferences.

We are seeking a Principal/Senior Security Researcher to lead proactive research into emerging abuse patterns across agentic and modern endpoint environments. This includes browser extensions, SaaS- and web-delivered code, autonomous agents, MCPs and related tooling, and other forms of non-binary software that do not fit neatly into a traditional malware-focused model.
In this role, you will define and drive independent research initiatives rather than simply respond to predefined queues. You will conduct deep technical investigations, including reverse engineering, telemetry analysis, controlled experimentation, and data-driven validation, and translate your findings into actionable outcomes for the product. These may include detection concepts with clear success criteria, recommendations for new telemetry or platform behavior, and concise technical narratives for engineering, product, executive, or customer-facing audiences.
You will act as a senior research partner to engineering and product leadership, helping shape priorities around what to instrument, what to build, what to retire, and how to reason about ambiguous signals in production environments. The role requires strong technical judgment, strategic thinking, and the ability to turn complex research into evidence-backed product impact.
Key Responsibilities
Define and execute proactive research programs: novel attack surfaces (e.g., browser extensions, SaaS-delivered code, autonomous agents, MCP/tooling ecosystems), long-horizon threats, and systemic gaps in visibility or detection.
Perform deep technical analysis beyond routine triage: reverse engineering, behavioral modeling, data-driven hypothesis testing, and rigorous validation of findings at scale.
Set direction for how research translates into product and detection: prioritization frameworks, threat models, evaluation criteria, and standards of evidence for shipping high-impact changes.
Partner with senior engineering and product stakeholders to shape roadmap, telemetry, and architecture informed by research; influence design tradeoffs before issues appear in the field.
Lead complex, ambiguous investigations end-to-end and synthesize conclusions for executive and customer-facing audiences when stakes are high.
Represent the team through high-quality technical artifacts (e.g., in-depth publications, conference-quality work, or equivalent internal briefings) that establish external and internal credibility.

We're looking for a Threat Detection Researcher to join the Threat Research team and spread the power of our company. In this role, you will further develop the Cloud-native Threat Detection domain.
WHAT YOULL DO
Design behavioral baselines for complex cloud environments using diverse signals, and develop high-fidelity detections based on those baselines.
Expand our company's detection engine with novel and high-impact telemetry sources, pushing the boundaries of what can be detected in modern cloud environments.
Conduct deep technical research into complex cloud services to uncover novel attack vectors.
Investigate real-world attacks across cloud environments, identity providers (IDPs), and infrastructure-as-a-service (IaaS) platforms.
Hunt and analyze emerging threats and active campaigns targeting cloud ecosystems.

What you will do
Research threat actors, campaigns, and techniques relevant to browser extensions, SaaS apps, autonomous agents, MCP/tooling ecosystems, and related endpoint behaviors.
Build and maintain threat intelligence: TTPs, IOCs where appropriate, ATT&CK-style mappings, and internal knowledge bases.
Design, test, and tune detection logic (behavioral rules, heuristics, models, or equivalent) in collaboration with detection and data science teams.
Analyze customer and telemetry datasets to find novel abuse patterns, false positives, and detection gaps.
Produce clear outputs for multiple audiences: technical blogs, customer-facing briefings, internal playbooks, and engineering specs.
Work with reverse engineering, data engineering, and product to turn research into durable platform capabilities.
Participate in incident-driven research and time-sensitive investigations when new threats emerge.

What you will do
Research threat actors, campaigns, and techniques relevant to browser extensions, SaaS apps, autonomous agents, MCP/tooling ecosystems, and related endpoint behaviors.
Build and maintain threat intelligence: TTPs, IOCs where appropriate, ATT&CK-style mappings, and internal knowledge bases.
Design, test, and tune detection logic (behavioral rules, heuristics, models, or equivalent) in collaboration with detection and data science teams.
Analyze customer and telemetry datasets to find novel abuse patterns, false positives, and detection gaps.
Produce clear outputs for multiple audiences: technical blogs, customer-facing briefings, internal playbooks, and engineering specs.
Work with reverse engineering, data engineering, and product to turn research into durable platform capabilities.
Participate in incident-driven research and time-sensitive investigations when new threats emerge.

Join a team redefining cloud security operations across Cloud Detection & Response (CDR) and Cloud Security Posture Management (CSPM). Our team operates at the intersection of security, engineering, and large-scale cloud operations. We build products that help organizations detect threats faster, respond with confidence, continuously reduce risk, and secure modern cloud environments at scale. This is an opportunity to help shape the future of autonomous cloud defense by building technology that turns security signals into meaningful action.
Key Responsibilities
Help build the next generation of the Autonomous Cloud SOC by transforming detections, posture findings, and emerging threats into intelligent investigation and response workflows.
Design and build automated playbooks that investigate security signals, gather evidence, assess blast radius, validate risk, and guide or execute response actions.
Work across cloud control planes, identity systems, Kubernetes environments, network telemetry, and posture data to turn signals into high-confidence outcomes.
Leverage existing detections, continuously improve investigation logic, and ensure response workflows remain effective as cloud environments and attacker techniques evolve.

we are looking for a Lead Security Researcher - AI Threat Intelligence. This key position within the threat intelligence group will be in charge of analyzing the vast amount of data that is managed by our company, develop threat intelligence on adversarial TTPs (tactics, techniques and procedures) and generate reports, presentations and blogs on anomalies and tools identified.
This role goes beyond the analyst role, as a key member of the team the threat intelligence researcher will work with internal security teams, network data, underground intelligence teams and much more, performing cutting edge research followed by presenting the research externally via various mediums.
Responsibilities:
Lead threat intelligence research focused on AI-related threats, threat actors, attack techniques, and emerging cybersecurity trends
Analyze internal and external security data to identify attack patterns, campaigns, and actionable intelligence
Explore large-scale datasets using SQL and other data analysis methods to generate research insights
Build tools, workflows, and agentic systems to automate research, investigation, and intelligence production
Research how attackers use AI and how AI can improve threat detection, investigation, and response
Publish high-quality research, including blogs, reports, threat intelligence summaries, and customer-facing insights
Present research at cybersecurity conferences, webinars, company events, and customer-facing sessions
Collaborate with product, data, engineering, and research teams to improve detections and product intelligence
Independently lead research initiatives from idea and data exploration to publication and presentation.
Travel internationally for company events and cybersecurity conferences at least six times per year.