Principal Researcher (Unit 42)

Our Mission

At Palo Alto Networks®, we’re united by a shared mission—to protect our digital way of life. We thrive at the intersection of innovation and impact, solving real-world problems with cutting-edge technology and bold thinking. Here, everyone has a voice, and every idea counts. If you’re ready to do the most meaningful work of your career alongside people who are just as passionate as you are, you’re in the right place.

Who We Are

In order to be the cybersecurity partner of choice, we must trailblaze the path and shape the future of our industry. This is something our employees work at each day and is defined by our values: Disruption, Collaboration, Execution, Integrity, and Inclusion. We weave AI into the fabric of everything we do and use it to augment the impact every individual can have. If you are passionate about solving real-world problems and ideating beside the best and the brightest, we invite you to join us!

This role is remote, but distance is no barrier to impact. Our hybrid teams collaborate across geographies to solve big problems, stay close to our customers, and grow together. You will be part of a culture that values trust, accountability, and shared success where your work truly matters. 

Job Summary

As a Principal Threat Intelligence Researcher on the Unit 42 CTI Services Delivery Team, you will play a critical role in creating timely, relevant, and actionable threat insights for our customers. You will be responsible for understanding customer intelligence needs and developing tailored intelligence that augments their existing capabilities, ultimately driving their business and security outcomes.

Key Responsibilities

• Deliver fused intelligence insights and custom-tailored content to clients, focusing on relevant cyber threat activities, trends, and shifts in the threat landscape.
• Provide tailored research and analysis for client-based Requests for Information (RFIs), leveraging Palo Alto Networks' unique data and cross-company capabilities.
• Create and maintain detailed cyber threat profiles for clients, identifying top threats and providing tailored defensive recommendations based on their unique operational footprint.
• Develop structured intelligence on adversary trends, motivations, and targeting patterns to support rapid intelligence production for unfolding cyber events.
• Represent Unit 42 as an industry expert by delivering presentations at conferences, participating in public speaking engagements, and authoring influential thought leadership.
• Proactively collaborate with colleagues, sharing expertise and best practices to enhance team capabilities and mentor others in technical and strategic research.
• Integrate and develop AI/ML solutions across the intelligence lifecycle to improve analytic workflows, reduce research toil, and accelerate report creation.

Required Qualifications

• Minimum of 7 years of experience in the cyber threat intelligence (CTI) field, including threat research, analytic production, and client-facing delivery.
• Strong knowledge of cyber threat actors, noteworthy attacks, and the ability to quickly recognize shifts or deviations from threat activity baselines.
• Demonstrated ability to contextualize cyber events, identify historical patterns, and provide tailored defensive recommendations.
• Exceptional writing and presentation skills with experience communicating complex threat intelligence to diverse audiences, including C-suite executives.
• Proven ability to operate under short-fuse deadlines, manage concurrent tasks, and thrive in complex and sometimes ambiguous situations.

Preferred Qualifications

• Deep experience with cyber threat intelligence frameworks (e.g., MITRE ATT&CK) and advanced analytical techniques.
• Experience presenting at major CTI or cyber threat research conferences.
• History of triaging and modeling open-source data and telemetry, with a preference for experience using graph-based analysis tools (e.g., Synapse).
• Experience with prompt engineering and leveraging AI capabilities to support the development of intelligence products.

The Team

Unit 42 - Unit 42 is the global threat intelligence team at Palo Alto Networks. We believe threat intelligence should be shared and available to all within the industry. We deliver high-quality, in-depth research on adversaries, malware families, and attack campaigns. Our analysts uncover and document adversary behaviors and then share playbooks that give insight into the various tools, techniques, and procedures threat actors execute to compromise organizations. If you’re looking for a career with access to the brightest minds in cybersecurity, you’ve found it.

Compensation Disclosure

The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) or base salary + commission target (for sales/commissioned roles) is expected to be between $162700/YR - $263150/YR. The offered compensation may also include restricted stock units and a bonus. A description of our employee benefits may be found here.

Our Commitment

We’re problem solvers that take risks and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at  [email protected].

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.

Is role eligible for Immigration Sponsorship?: Yes