Sr. Staff Product Security Engineer (PSIRT)

About the position

As a Senior Staff PSIRT Engineer, you will play a critical role in protecting Palo Alto Networks products and services by leading complex vulnerability investigations and response efforts from start to finish. You will serve as a senior technical expert in the Product Security Incident Response Team (PSIRT), driving deep technical analysis, root cause determination, and remediation guidance for product security issues. This role demands a high level of technical acumen, cross-functional collaboration, and the ability to navigate sensitive situations with both internal teams and external stakeholders such as customers, security researchers, and industry partners.

Responsibilities

• Lead the technical investigation of reported security vulnerabilities in products and cloud offerings, including reproduction, impact analysis, and severity scoring (e.g., CVSS).
• Drive root cause analysis and partner with product engineering teams to develop, validate, and verify remediations.
• Collaborate closely with product, engineering, legal, privacy, support, sales, and threat intelligence teams to ensure aligned vulnerability handling and response strategies.
• Engage directly with customers, security researchers, and industry partners to discuss vulnerability details, mitigation steps, and disclosure timelines.
• Maintain deep familiarity with industry vulnerability handling standards and organizations such as CNA, NIST, FIRST, and OpenSSF.
• Contribute to the continuous improvement of PSIRT workflows, automation, and tooling to accelerate vulnerability detection, analysis, and remediation.
• Mentor junior engineers in vulnerability research, triage, and incident response methodologies.
• Produce high-quality technical documentation, incident reports, and executive summaries for both internal and external audiences.
• Stay up-to-date on emerging threats, exploitation techniques, and security research trends to proactively strengthen product security posture.

Requirements

• 4+ years in product security, application security, vulnerability research, or related fields, with significant hands-on experience in vulnerability investigation and exploitation analysis.
• Strong expertise in reverse engineering, debugging, and secure software development practices.
• Demonstrated ability to reproduce, analyze, and assess the exploitability of complex vulnerabilities in large-scale systems or cloud environments.
• Deep familiarity with CVSS, CVE, and public vulnerability databases.
• Experience handling responsible disclosure and coordinating with external researchers and industry partners.
• Practical knowledge of secure coding guidelines, memory corruption mitigation, and common vulnerability classes (e.g., buffer overflows, SQLi, XSS, deserialization).
• Strong written and verbal communication skills, including the ability to clearly articulate technical risk to diverse audiences.
• Experience working in fast-paced environments with strict SLAs for vulnerability response.

Benefits

• FLEXBenefits wellbeing spending account with over 1,000 eligible items selected by employees.
• Mental and financial health resources.
• Personalized learning opportunities.