Senior Application Security Researcher (Cortex Cloud)

Your Career

Are you fascinated by how AI and automation are fundamentally changing the way software is built We are witnessing a shift where code is prompted and orchestrated by autonomous agents and where the engineering environment itself has become a high-value target. We are looking for a visionary Senior Application Security Researcher to join an elite team tasked with redefining security for this new era of development.

In this role you will be the architect of trust across the entire software lifecycle. Your mission is to research and mitigate the risks that arise when human creativity meets agentic automation. Youll dive deep into securing the core of modern engineeringfrom protecting the developers workstation and IDE against malicious extensions to ensuring the absolute integrity of the software supply chain. This is your chance to lead high-impact research that secures the future of development from the first prompt in the IDE to the final production build.

Your Impact

• Pioneer AI-native security strategies to ensure that the new vibe coding frontier results in software that is architected securely from the very first prompt.
• Identify and mitigate novel attack vectors targeting coding agents and autonomous development workflows staying steps ahead of adversaries exploiting LLM integrations.
• Evolve traditional code vulnerabilities from a list of findings into proactive self-healing workflows that fix issues before they ever reach a pull request.
• Conduct deep-dive research into software supply chain vulnerabilities ranging from CI/CD pipeline risks to the provenance of AI-suggested dependencies.
• Collaborate closely with Product and Engineering teams to bake your research findings directly into the platforms core detection and remediation logic.
• Establish yourself as a thought leader by publishing original research writing influential blog posts and representing the team at major global security conferences.

Qualifications :

Your Experience 

• 4 years of professional experience in application security research with a deep focus on the security of modern software architectures and development lifecycles.
• Strong understanding of fundamental code-level weaknesses and the ability to identify common patterns of insecure coding that lead to recurring risks.
• Deep knowledge of third-party ecosystem risks including known vulnerabilities and the detection of compromised or malicious packages.
• Experience analyzing threats targeting the modern developers workstation and environment such as malicious IDE extensions and agentic plugin ecosystems.
• Deep understanding of modern engineering environments including CI/CD pipelines and cloud-native development methodologies.
• Practical experience in both offensive and defensive security allowing you to anticipate attacker behavior and translate it into robust defenses.
• A proactive problem-solver who can navigate the fast-moving AI security landscape and translate complex research into practical features for our product.

Advantages

• Previous experience in a security product company with a strong understanding of how to translate security research into scalable product features and detection logic.
• Experience with big data platforms (e.g. GCP BigQuery AWS Athena)
• Proficiency in multiple languages (e.g. Python Go JavaScript) and an understanding of how their specific security pitfalls manifest in AI-generated code and automated workflows.
• A portfolio of public-facing work such as CVEs whitepapers open-source security tools or recorded conference talks.

Additional Information :

The Team

Our research team is at the core of our products and connected directly to the mission of preventing cyberattacks. We are constantly innovating - challenging the way we and the industry think about cybersecurity. Our researchers dont shy away from building products to solve problems no one has pursued before.

We define the industry instead of waiting for directions. We need individuals who feel comfortable in ambiguity excited by the prospect of a challenge and empowered by the unknown risks facing our everyday lives that are only enabled by a secure digital environment.

Our Commitment

Were problem solvers that take risks and challenge cybersecuritys status quo. Its simple: we cant accomplish our mission without diverse teams innovating together.

We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need please contact us at  .

Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace and all qualified applicants will receive consideration for employment without regard to age ancestry color family or medical care leave gender identity or expression genetic information marital status medical condition national origin physical or mental disability political affiliation protected veteran status race religion sex (including pregnancy) sexual orientation or other legally protected characteristics.

All your information will be kept confidential according to EEO guidelines.

Remote Work :

No

Employment Type :

Full-time