Palo Alto Networks

Principal Researcher

City of London | Remote OK | 5-10 yrs exp | Computer and Network Security | 22,761 employees
Cyber Threat Intelligence, Data Analysis, SQL, Python, Rust

Requirements

Candidates should be eligible for DV-level security clearance and hold a BS/MS in Computer Science or have equivalent experience. Proficiency in SQL and Python and a deep understanding of Internet protocols are essential.

Job Description

Our Mission

At Palo Alto Networks®, we’re united by a shared mission—to protect our digital way of life. We thrive at the intersection of innovation and impact, solving real-world problems with cutting-edge technology and bold thinking. Here, everyone has a voice, and every idea counts. If you’re ready to do the most meaningful work of your career alongside people who are just as passionate as you are, you’re in the right place.

Who We Are

In order to be the cybersecurity partner of choice, we must trailblaze the path and shape the future of our industry. This is something our employees work at each day and is defined by our values: Disruption, Collaboration, Execution, Integrity, and Inclusion. We weave AI into the fabric of everything we do and use it to augment the impact every individual can have. If you are passionate about solving real-world problems and ideating beside the best and the brightest, we invite you to join us!

This role is remote, but distance is no barrier to impact. Our hybrid teams collaborate across geographies to solve big problems, stay close to our customers, and grow together. You will be part of a culture that values trust, accountability, and shared success where your work truly matters.

Job Summary

Your Career

As a member of the Unit 42, National Security (NATSEC) team, you will be working closely with a globally distributed team of vulnerability researchers, reverse engineers, and threat intelligence analysts. In this role you will work with the Cyber Research Engineering team to conduct investigations into global network infrastructure in support of both government and commercial customer requirements.

Your Impact

  • Lead investigations end-to-end in response to customer intelligence requirements, from inquiry through collection and analysis to delivered product.
  • Investigate adversary infrastructure, exposures, and observable activity across large datasets, correlating signals at gigabyte-to-petabyte scale.
  • Build the tooling and infrastructure investigations require.
  • Produce finished intelligence in both strategic and technical registers, from senior-leader assessments to analyst-to-analyst methodology write-ups and indicators.
  • Innovate, develop, and implement new methods, capabilities, or customer deliverables.
  • Research unfamiliar products or protocols as investigations require, design the collection to characterise them, and interpret the results.
  • Design and deploy custom Internet scanning to collect what existing platforms don't cover, including probe development, scan infrastructure decisions (attribution, geographic origin, hosting), and analysis of results.
  • Set technical direction for investigations and raise the craft across the team in data work, collection design, source evaluation, and report writing.
  • Shape which investigations the team prioritises and which capabilities we build next.

Qualifications

Your Experience

  • Have or be eligible for a DV-level security clearance.
  • BS/MS in Computer Science, Computer Engineering, or 5+ years of experience as a cyber threat intelligence analyst.
  • Experience producing written intelligence products across both strategic and technical registers for government, intelligence community, or commercial equivalents.
  • Experience leveraging netflow, passive DNS, IP registration, malware telemetry, and other data sets to form comprehensive threat assessments.
  • Broad knowledge of nation-state APT groups and how their tactics, techniques, and procedures differ.
  • Fluency in SQL at scale, with the analytical instincts to know what to ask of the data.
  • Proficiency in Python, Rust, or Go.
  • Deep understanding of how the Internet works: routing, the devices that move information, and the protocols carrying them.
  • Experience standing up the infrastructure and tooling required to deliver an investigation, not just executing existing playbooks.
  • Hands-on experience with active Internet scanning — designing probes, executing collection at scale, and analyzing responses.
  • Experience researching unfamiliar products or protocols, designing collection to characterise them, and producing intelligence findings from the results.
  • Comfortable explaining technical findings to senior government stakeholders.
  • Fluent in written and spoken English at the standard required for finished intelligence.

Our Commitment

We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at accommodations@paloaltonetworks.com.

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.

Is role eligible for Immigration Sponsorship?: Yes

Education

Bachelor Degree

Skills

Cyber Threat Intelligence, Data Analysis, SQL, Python, Rust, Go, Internet Scanning, Vulnerability Research, Reverse Engineering, Threat Intelligence, Network Infrastructure, Technical Writing, Adversary Infrastructure, Data Collection, Methodology Development, Collaboration

About Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, visit www.paloaltonetworks.com.
