Senior Threat Hunting Researcher (Unit 42)
Job Description
Our Mission
At Palo Alto Networks®, we’re united by a shared mission—to protect our digital way of life. We thrive at the intersection of innovation and impact, solving real-world problems with cutting-edge technology and bold thinking. Here, everyone has a voice, and every idea counts. If you’re ready to do the most meaningful work of your career alongside people who are just as passionate as you are, you’re in the right place.
Who We Are
In order to be the cybersecurity partner of choice, we must trailblaze the path and shape the future of our industry. This is something our employees work at each day and is defined by our values: Disruption, Collaboration, Execution, Integrity, and Inclusion. We weave AI into the fabric of everything we do and use it to augment the impact every individual can have. If you are passionate about solving real-world problems and ideating beside the best and the brightest, we invite you to join us!
We believe collaboration thrives in person. That’s why most of our teams work from the office full time, with flexibility when it’s needed. This model supports real-time problem-solving, stronger relationships, and the kind of precision that drives great outcomes.Job Summary
Job Summary
Palo Alto Networks is seeking a Senior Threat Hunting Researcher for Unit 42’s Managed Services group, a senior hands-on role combining threat hunting, detection engineering, and incident investigation experience. You will proactively hunt across diverse telemetry to identify suspicious behaviors and emerging threats that evade traditional security. A key part of the role is translating low-fidelity signals into high-fidelity hunting logic and reusable detection opportunities. You will collaborate with multiple teams to share findings, explain coverage, and support response and improvement efforts.
Key Responsibilities
Proactively hunt for suspicious behaviors, malware activity, threat actor tradecraft, and emerging campaign patterns across large-scale customer telemetry.
Build, validate, and tune hunting and detection logic across multiple data sources and security products.
Translate low-fidelity signals, alerts, incidents, and coverage gaps into high-fidelity hunting content and reusable detection opportunities.
Investigate suspicious activity using available telemetry and clearly communicate findings, limitations, and recommended next steps.
Improve detection quality by reducing false positives, increasing signal fidelity, and identifying meaningful coverage gaps.
Collaborate with MDR, Incident Response, Threat Intelligence, Product, and Engineering to improve protection and operational scalability.
Deliver clear, evidence-based reports and technical findings that help customers understand risk and improve defenses.
Qualifications
Required Qualifications
6+ years of hands-on cybersecurity experience across threat hunting, incident response, detection development, security research, SOC, or related security operations.
Strong understanding of attacker tradecraft, threat hunting methodologies, incident investigation workflows, and behavior-based detection concepts.
Hands-on experience with XDR, EDR, SIEM, cloud, identity, or similar security platforms, including alert investigation, telemetry analysis, and detection validation.
Proven experience writing complex hunting, detection, or correlation logic using XQL, SQL, KQL, SPL, or similar query languages.
Ability to translate low-fidelity signals, alerts, incidents, threat intelligence, and coverage gaps into high-fidelity hunting logic and reusable detection opportunities.
Experience creating, tuning, or validating hunting and detection content, including scheduled queries, analytics rules, BIOCs, correlation rules, or similar detection logic.
Strong understanding of detection quality concepts, including true-positive and false-positive analysis, signal-to-noise ratio, tuning, coverage gaps, and operational scalability.
Strong analytical, research, documentation, and communication skills, with the ability to clearly explain technical findings, detection assumptions, and coverage limitations.
Self-starter with strong attention to detail, ownership mindset, and ability to work independently in a fast-changing environment.
Preferred Qualifications
Python, SQL, notebooks, automation, or big-data hunting experience.
Experience with data science, statistics, anomaly detection, clustering, scoring, behavioral baselining, or other analytical hunting techniques.
Our Commitment
We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.
We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at [email protected].
Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.
All your information will be kept confidential according to EEO guidelines.
Is role eligible for Immigration Sponsorship? No. Please note that we will not sponsor applicants for work visas for this position.