Job details
Revolutionary protection.
Define the future of cybersecurity.
Senior Staff Engineer (Cortex XDR)
Our Mission
At Palo Alto Networks®, we’re united by a shared mission—to protect our digital way of life. We thrive at the intersection of innovation and impact, solving real-world problems with cutting-edge technology and bold thinking. Here, everyone has a voice, and every idea counts. If you’re ready to do the most meaningful work of your career alongside people who are just as passionate as you are, you’re in the right place.
Who We Are
In order to be the cybersecurity partner of choice, we must trailblaze the path and shape the future of our industry. This is something our employees work at each day and is defined by our values: Disruption, Collaboration, Execution, Integrity, and Inclusion. We weave AI into the fabric of everything we do and use it to augment the impact every individual can have. If you are passionate about solving real-world problems and ideating beside the best and the brightest, we invite you to join us!
This role is remote, but distance is no barrier to impact. Our hybrid teams collaborate across geographies to solve big problems, stay close to our customers, and grow together. You will be part of a culture that values trust, accountability, and shared success, where your work truly matters.
Job Summary
As a Senior Low-Level Software Engineer at Cortex, you will be a technical authority and a local escalation point for the Cortex Cloud Windows endpoint agent. You will own the kernel- and user-mode components that deliver detection, prevention, and visibility across millions of Windows endpoints, and the deep-system engineering required to keep those components stable, performant, secure, and compatible across a highly fragmented OS and third-party ecosystem. This is a high-impact individual-contributor role. You will be responsible for handling critical field-issue escalations from Technical Support teams, performing root cause analysis, interfacing with the support teams, and occasionally joining customers in live debug sessions. You will be part of a senior team responsible for the architectural integrity, runtime stability, and forensic debuggability of agent code paths that execute alongside the NT kernel and core OS subsystems, spanning multiple production kernel drivers, a user-mode service, an injection/hooking engine, and the EDR module. Because our agent runs at the highest privilege levels on customer production machines, every defect is potentially a system-wide outage, a blue screen across a fleet, or a security exposure, so engineering rigor, defensive design, and disciplined debugging are non-negotiable.
Key Responsibilities
- Serve as the local technical authority for critical field issues, providing a direct link between customer-facing support teams and the core R&D organization.
- Lead technical investigations for the highest-severity customer escalations, facilitating live debugging sessions in production-adjacent environments to expedite resolution.
- Synthesize complex technical findings into concise, actionable RCA reports for Global Support, Product Management, and engineering leadership to inform prioritization, customer communication, and roadmap decisions.
- Design, implement, and maintain user-mode agent components and in some cases Windows kernel drivers.
- Work across the native interop boundary - low-level user-mode code injection, API hooking, NT Native API, etc.
- Drive defensive engineering practices so that an agent fault never bricks a customer endpoint - input validation at trust boundaries, graceful degradation, fail-open vs. fail-closed decisions, watchdog/self-healing mechanisms, etc.
- Identify and remediate functional regressions, performance regressions, and system instability (including bugchecks/BSODs) caused by interactions between the Cortex agent and third-party security software, competing EDR/AV products, virtualization layers, malicious drivers, and low-level system utilities.
- Use fleet-scale telemetry - crash signatures, BSOD bugcheck codes, content-update regression signals, and driver-conflict indicators - to detect emerging stability issues early, triage and root-cause across kernel, user mode, and third-party boundaries.
- Partner with the release and content pipelines (GitLab) to gate risky changes and to ensure new agent versions and content/policy updates do not introduce regressions on the diverse hardware and software configurations in the field.
- Own identification and resolution of kernel-mode and user-mode failures that threaten system stability or agent integrity. Perform deep analysis of complete memory dumps, kernel dumps, and minidumps using WinDbg to isolate race conditions, memory corruption, use-after-free, deadlocks, lock-order inversions, and pool corruption in production environments.
- Diagnose high-latency operations, CPU contention, and resource exhaustion by analyzing system-wide traces with ETW, Windows Performance Recorder & Analyzer (WPR/WPA), Performance Monitor, Process Monitor, and Process Explorer; drive the resulting optimizations into shipping code and verify the win with telemetry.
- Use and help refine internal AI agents via CLI and IDE integrations to accelerate low-level code analysis, automate patch and test generation (GoogleTest-based native unit tests), and speed up the parsing of complex diagnostic telemetry (crash dumps, ETW traces, driver logs, WPP/TMF traces).
Qualifications
Required Qualifications
- Bachelor's degree with 5 years of experience, Master's degree with 3 years of experience, or a PhD (new graduate).
- Systems Programming Mastery - Deep, hands-on proficiency in C for both kernel- and user-mode Windows development, plus working command of modern C++ (C++17/20) for library integration. Strong command of undefined behavior, memory models, custom allocators/CRT constraints, and the discipline required for code that cannot crash. Comfort reading/writing x86/x64 assembly (MASM) is strongly desired.
- Windows Internals - Strong understanding of the NT kernel, I/O manager, object manager, memory manager, IRQL and synchronization primitives, PnP/Power, boot and driver load order, and the Windows security model (tokens, ACLs, integrity levels, Protected Process Light). Familiarity with the NT Native API and ALPC/named-pipe/filter-port IPC.
- Advanced Debugging - Fluency with WinDbg, including kernel debugging and !analyze workflows, for analyzing complete memory dumps, kernel dumps, and minidumps; ability to root-cause defects from a crash dump alone when live repro is impossible.
- Performance Engineering - Experience profiling and optimizing systems software using ETW, WPR/WPA, Performance Monitor, Process Monitor, and Process Explorer to eliminate latency, contention, and resource-exhaustion issues in hot paths.
- Systemic Problem Solving - Track record of root-causing complex failures that span kernel, user mode, and third-party software interactions in production environments at scale.
- Influence & Communication - Exceptional ability to communicate complex low-level technical concepts to both highly technical peers and non-technical stakeholders, including written incident analyses, post-mortems, and architectural proposals.
Preferred Qualifications
- Endpoint Security Background - Prior experience building EDR, AV, DLP, or other endpoint security agents, including anti-tamper, self-protection, and code-integrity constraints, and an understanding of the adversarial pressure such agents operate under.
- Security & Detection Libraries - Familiarity with YARA, high-performance regex engines (Hyperscan, RE2), OpenSSL, and serialization/RPC stacks (Protobuf/nanopb, gRPC).
- Rust in Systems Code - Hands-on experience introducing Rust into existing C/C++ codebases, including FFI boundaries, build integration, and safety/ownership patterns relevant to long-running, high-privilege agent processes.
- Driver Development - Experience building and shipping Windows kernel drivers is an advantage but not required; practical exposure to at least one of WDK (WDM/KMDF), File System Minifilters, WFP callouts, ELAM, or kernel-mode callback frameworks is valued. Experience building across x64/x86/ARM64 is a plus.
- Fleet-Scale Telemetry & Reliability - Experience using large-scale telemetry and crash analytics to drive reliability, detect regressions, and prioritize fixes by real-world customer impact.
- Reverse Engineering & Diagnostics - Working knowledge of IDA Pro, Ghidra, or x64dbg, and/or disassembly frameworks (BeaEngine, Capstone, Zydis), for analyzing third-party drivers, compatibility issues, or malware-driven crashes.
- Adjacent Platforms - Exposure to low-level development on macOS (Endpoint Security framework, kexts/system extensions) or Linux (eBPF, LSM, kernel modules) is a plus, as the agent shares a cross-platform core (CPA) across Windows/Linux/macOS.
- Modern Tooling - Experience leveraging AI-assisted development tools (e.g., Gemini, Claude) to optimize the SDLC and automate complex debugging, code-review, and test-generation tasks for systems software.
Compensation Disclosure
The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) or base salary + commission target (for sales/commissioned roles) is expected to be the annual range listed below. The offered compensation may also include restricted stock units and a bonus. A description of our employee benefits may be found here.
- /yr
Our Commitment
We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.
We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at accommodations@paloaltonetworks.com.
Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.
All your information will be kept confidential according to EEO guidelines.
Is this role eligible for immigration sponsorship? No. Please note that we will not sponsor applicants for work visas for this position.