E-3 Visa Security Researcher Jobs
Security Researcher roles qualify for E-3 visa sponsorship as specialty occupations requiring a relevant bachelor's degree or higher. Australian professionals bring recognized expertise in vulnerability research, threat analysis, and offensive security, skills U.S. employers actively seek. The E-3 has no lottery, making sponsorship more predictable than the H-1B visa path.
Find E-3 Visa Security Researcher JobsOverview
Showing 5 of 38+ Security Researcher jobs
See all 38+ Security Researcher Jobs
Sign up for free to unlock all listings, filter by visa type, and get alerts for new Security Researcher roles.
Get Access To All JobsLocation: Santa Clara, California, United States
Our Mission
At Palo Alto Networks®, we’re united by a shared mission—to protect our digital way of life. We thrive at the intersection of innovation and impact, solving real-world problems with cutting-edge technology and bold thinking. Here, everyone has a voice, and every idea counts. If you’re ready to do the most meaningful work of your career alongside people who are just as passionate as you are, you’re in the right place.
Who We Are
In order to be the cybersecurity partner of choice, we must trailblaze the path and shape the future of our industry. This is something our employees work at each day and is defined by our values: Disruption, Collaboration, Execution, Integrity, and Inclusion. We weave AI into the fabric of everything we do and use it to augment the impact every individual can have. If you are passionate about solving real-world problems and ideating beside the best and the brightest, we invite you to join us!
We believe collaboration thrives in person. That’s why most of our teams work from the office full time, with flexibility when it’s needed. This model supports real-time problem-solving, stronger relationships, and the kind of precision that drives great outcomes.
Job Summary
Your Career
As a Sr Staff Security Researcher, you will work at the forefront of AI-assisted vulnerability research, focusing on the design, implementation, and improvement of AI/security harnesses for discovering, validating, understanding, and reporting high-impact vulnerabilities in real-world software and open-source projects. You will leverage LLMs, AI agents, fuzzing, static and dynamic analysis, reverse engineering, exploitability analysis, and security automation to build reliable workflows for vulnerability discovery, PoC generation, finding validation, patch validation, variant analysis, and remediation support.
Your Impact
This is a research-heavy role for a self-directed researcher-builder. The ideal candidate can independently identify high-impact security problems, build reliable harnesses and evaluation pipelines, analyze large-scale vulnerability data, and drive projects toward concrete outcomes such as improved harness capabilities, validated findings, technical reports, benchmarks, responsible disclosures, open-source tools, CVEs where appropriate, or production-impacting security workflows. We prioritize finding quality and research impact over raw vulnerability counts.
- Design, build, and improve AI/security harnesses for vulnerability research, with emphasis on reproducibility, validation quality, exploitability clarity, false-positive reduction, and stable evidence generation.
- Produce high-quality research and security artifacts, such as improved harness capabilities, validated findings, root-cause analyses, technical reports, benchmarks, internal research artifacts, open-source tools, responsible disclosures, publications, or CVEs where appropriate.
- Conduct deep technical analysis across real-world software and open-source projects, including reverse engineering, fuzzing, root-cause analysis, exploitability assessment, patch analysis, variant analysis, and PoC validation.
- Build reusable research infrastructure, including target setup automation, fuzzing harnesses, AI agent workflows, benchmark environments, validation oracles, triage pipelines, evaluation metrics, and maintainer-facing reporting workflows.
- Use LLMs, AI agents, fuzzing, static/dynamic analysis, program analysis, reverse engineering automation, and security automation to improve the quality, speed, coverage, and reliability of vulnerability research workflows.
- Analyze large-scale harness outputs, including successful findings, failed attempts, crash clusters, validation traces, false positives, patch comparisons, and target patterns, to identify new research opportunities and improve future harness capabilities.
Qualifications
Your Experience
Required Qualifications:
- Master's degree in Computer Science, Cybersecurity, or a related technical field, or equivalent practical experience.
- Demonstrated ability to independently drive a technical research project from problem formulation to implementation, evaluation, and written results.
- Evidence of original security research or high-signal technical output, such as CVEs, responsible disclosures, bug bounty findings, security conference papers, technical writeups, GitHub projects, fuzzers, harnesses, exploit analyses, AI/security benchmarks, open-source security tools, or comparable research artifacts.
- 5+ years of experience in vulnerability research, offensive security research, reverse engineering, fuzzing, exploit development, program analysis, security automation, or a closely related security research role.
- Demonstrated experience in one or more of the following: vulnerability research, reverse engineering, fuzzing, exploit development, root-cause analysis, exploitability assessment, PoC development, patch analysis, program analysis, or security tooling.
- Experience designing or building reproducible security experiments, including target setup, harness development, validation logic, oracle design, evaluation metrics, false-positive analysis, or reporting workflows.
- Strong programming skills. Strong knowledge of modern operating systems, network protocols, application security, software vulnerability classes, and common exploitation or validation techniques.
- Strong written communication skills, including the ability to document methods, evidence, limitations, reproduction steps, impact, and remediation guidance clearly.
Preferred Qualifications:
- PhD in Computer Science, Cybersecurity, AI/ML, Systems, Programming Languages, or a related field, or equivalent demonstrated research experience.
- Experience building AI agent harnesses, fuzzing harnesses, evaluation harnesses, vulnerability validation workflows, exploitability triage systems, patch validation pipelines, security benchmarks, or open-source vulnerability research tooling.
- Experience handling real vulnerabilities end-to-end, including target selection, environment setup, harnessing, reproduction, root-cause analysis, exploitability assessment, patch comparison, responsible disclosure, and maintainer communication.
- Knowledge of security in one or more of the following areas: Web Security, OS & Kernel Security, Browser Security, Software Supply Chain Security, OT/IoT Security, Network/Protocol Security, Cloud Security, Application Security, file parser security, or protocol parser security.
- Strong practical artifacts are highly valued. A public track record of security research, such as conference presentations, publications, CVEs, responsible disclosures, bug bounty results, technical blogs, GitHub projects, open-source security tools, AI/security benchmarks, agent frameworks, or security research artifacts.
- High-impact maintainer relationships, experience reporting vulnerabilities to major open-source projects, or a track record of clear, actionable, well-received vulnerability disclosures is a strong plus.
Compensation Disclosure
The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) or base salary + commission target (for sales/commissioned roles) is expected to be the annual range listed below. The offered compensation may also include restricted stock units and a bonus. A description of our employee benefits may be found here.
$139,600.00 - $225,775.00/yr
Our Commitment
We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.
We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at accommodations@paloaltonetworks.com.
Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.
All your information will be kept confidential according to EEO guidelines.
Is role eligible for Immigration Sponsorship?: Yes
Location: Santa Clara, California, United States
Our Mission
At Palo Alto Networks®, we’re united by a shared mission—to protect our digital way of life. We thrive at the intersection of innovation and impact, solving real-world problems with cutting-edge technology and bold thinking. Here, everyone has a voice, and every idea counts. If you’re ready to do the most meaningful work of your career alongside people who are just as passionate as you are, you’re in the right place.
Who We Are
In order to be the cybersecurity partner of choice, we must trailblaze the path and shape the future of our industry. This is something our employees work at each day and is defined by our values: Disruption, Collaboration, Execution, Integrity, and Inclusion. We weave AI into the fabric of everything we do and use it to augment the impact every individual can have. If you are passionate about solving real-world problems and ideating beside the best and the brightest, we invite you to join us!
We believe collaboration thrives in person. That’s why most of our teams work from the office full time, with flexibility when it’s needed. This model supports real-time problem-solving, stronger relationships, and the kind of precision that drives great outcomes.
Job Summary
Your Career
As a Sr Staff Security Researcher, you will work at the forefront of AI-assisted vulnerability research, focusing on the design, implementation, and improvement of AI/security harnesses for discovering, validating, understanding, and reporting high-impact vulnerabilities in real-world software and open-source projects. You will leverage LLMs, AI agents, fuzzing, static and dynamic analysis, reverse engineering, exploitability analysis, and security automation to build reliable workflows for vulnerability discovery, PoC generation, finding validation, patch validation, variant analysis, and remediation support.
Your Impact
This is a research-heavy role for a self-directed researcher-builder. The ideal candidate can independently identify high-impact security problems, build reliable harnesses and evaluation pipelines, analyze large-scale vulnerability data, and drive projects toward concrete outcomes such as improved harness capabilities, validated findings, technical reports, benchmarks, responsible disclosures, open-source tools, CVEs where appropriate, or production-impacting security workflows. We prioritize finding quality and research impact over raw vulnerability counts.
- Design, build, and improve AI/security harnesses for vulnerability research, with emphasis on reproducibility, validation quality, exploitability clarity, false-positive reduction, and stable evidence generation.
- Produce high-quality research and security artifacts, such as improved harness capabilities, validated findings, root-cause analyses, technical reports, benchmarks, internal research artifacts, open-source tools, responsible disclosures, publications, or CVEs where appropriate.
- Conduct deep technical analysis across real-world software and open-source projects, including reverse engineering, fuzzing, root-cause analysis, exploitability assessment, patch analysis, variant analysis, and PoC validation.
- Build reusable research infrastructure, including target setup automation, fuzzing harnesses, AI agent workflows, benchmark environments, validation oracles, triage pipelines, evaluation metrics, and maintainer-facing reporting workflows.
- Use LLMs, AI agents, fuzzing, static/dynamic analysis, program analysis, reverse engineering automation, and security automation to improve the quality, speed, coverage, and reliability of vulnerability research workflows.
- Analyze large-scale harness outputs, including successful findings, failed attempts, crash clusters, validation traces, false positives, patch comparisons, and target patterns, to identify new research opportunities and improve future harness capabilities.
Qualifications
Your Experience
Required Qualifications:
- Master's degree in Computer Science, Cybersecurity, or a related technical field, or equivalent practical experience.
- Demonstrated ability to independently drive a technical research project from problem formulation to implementation, evaluation, and written results.
- Evidence of original security research or high-signal technical output, such as CVEs, responsible disclosures, bug bounty findings, security conference papers, technical writeups, GitHub projects, fuzzers, harnesses, exploit analyses, AI/security benchmarks, open-source security tools, or comparable research artifacts.
- 5+ years of experience in vulnerability research, offensive security research, reverse engineering, fuzzing, exploit development, program analysis, security automation, or a closely related security research role.
- Demonstrated experience in one or more of the following: vulnerability research, reverse engineering, fuzzing, exploit development, root-cause analysis, exploitability assessment, PoC development, patch analysis, program analysis, or security tooling.
- Experience designing or building reproducible security experiments, including target setup, harness development, validation logic, oracle design, evaluation metrics, false-positive analysis, or reporting workflows.
- Strong programming skills. Strong knowledge of modern operating systems, network protocols, application security, software vulnerability classes, and common exploitation or validation techniques.
- Strong written communication skills, including the ability to document methods, evidence, limitations, reproduction steps, impact, and remediation guidance clearly.
Preferred Qualifications:
- PhD in Computer Science, Cybersecurity, AI/ML, Systems, Programming Languages, or a related field, or equivalent demonstrated research experience.
- Experience building AI agent harnesses, fuzzing harnesses, evaluation harnesses, vulnerability validation workflows, exploitability triage systems, patch validation pipelines, security benchmarks, or open-source vulnerability research tooling.
- Experience handling real vulnerabilities end-to-end, including target selection, environment setup, harnessing, reproduction, root-cause analysis, exploitability assessment, patch comparison, responsible disclosure, and maintainer communication.
- Knowledge of security in one or more of the following areas: Web Security, OS & Kernel Security, Browser Security, Software Supply Chain Security, OT/IoT Security, Network/Protocol Security, Cloud Security, Application Security, file parser security, or protocol parser security.
- Strong practical artifacts are highly valued. A public track record of security research, such as conference presentations, publications, CVEs, responsible disclosures, bug bounty results, technical blogs, GitHub projects, open-source security tools, AI/security benchmarks, agent frameworks, or security research artifacts.
- High-impact maintainer relationships, experience reporting vulnerabilities to major open-source projects, or a track record of clear, actionable, well-received vulnerability disclosures is a strong plus.
Compensation Disclosure
The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) or base salary + commission target (for sales/commissioned roles) is expected to be the annual range listed below. The offered compensation may also include restricted stock units and a bonus. A description of our employee benefits may be found here.
$139,600.00 - $225,775.00/yr
Our Commitment
We’re trailblazers that dream big, take risks, and challenge cybersecurity’s status quo. It’s simple: we can’t accomplish our mission without diverse teams innovating, together.
We are committed to providing reasonable accommodations for all qualified individuals with a disability. If you require assistance or accommodation due to a disability or special need, please contact us at accommodations@paloaltonetworks.com.
Palo Alto Networks is an equal opportunity employer. We celebrate diversity in our workplace, and all qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or other legally protected characteristics.
All your information will be kept confidential according to EEO guidelines.
Is role eligible for Immigration Sponsorship?: Yes
See all 38+ E-3 Visa Security Researcher Jobs
Sign up for free to unlock all listings, filter by visa type, and get alerts for new E-3 Visa Security Researcher Jobs.
Get Access To All JobsTips for Finding E-3 Visa Sponsorship in Security Researcher
Translate your Australian credentials for U.S. employers
Australian cybersecurity certifications like OSCP, CREST, and university degrees are recognized in the U.S., but frame them against NIST and MITRE ATT&CK frameworks. U.S. hiring managers evaluate candidates against these standards, so align your resume language accordingly.
Target employers with active government contracts
Federal contractors and defense primes, think aerospace, intelligence, and critical infrastructure firms, regularly sponsor E-3 visa holders for security researcher roles. Many already have immigration counsel on retainer, which shortens the time between offer and LCA filing.
Search specifically for E-3 sponsorship using Migrate Mate
Most job boards don't filter by visa type. Migrate Mate lets you search Security Researcher roles where employers have active E-3 sponsorship history, so you're applying to positions that already have a clear path to authorization.
Clarify your clearance eligibility before applying
Some security researcher roles require a U.S. security clearance, which Australian citizens can't hold. Identify whether a role needs clearance upfront, roles focused on commercial vulnerability research, red team engagements, or product security rarely require it.
Push your employer to file the LCA before your start date
The DOL must certify your Labor Condition Application before your consulate appointment. LCA certification typically takes seven business days, but your employer needs to initiate it well before your intended start date to avoid gaps in your timeline.
Use Migrate Mate's E-3 filing service to streamline your visa paperwork
Once you have a signed offer letter, use Migrate Mate's E-3 filing service to handle your LCA and visa paperwork end-to-end. This is especially useful for first-time E-3 applicants who haven't worked with a U.S. employer's HR or legal team before.
E-3 Visa Security Researcher: Frequently Asked Questions
How do I find Security Researcher jobs that offer E-3 visa sponsorship?
Most job postings don't specify E-3 sponsorship because employers often conflate it with H-1B. Use Migrate Mate to search Security Researcher roles filtered by employers with E-3 sponsorship history. From there, confirm sponsorship willingness directly during initial recruiter calls before investing time in the interview process.
How much does it cost to get an E-3 visa?
Migrate Mate's E-3 filing service covers the entire process for $499, including the Labor Condition Application, visa document preparation, and consulate appointment guidance. Traditional immigration lawyers charge $2,000–$5,000+ for the same work. The E-3 has less paperwork than most work visas, so paying thousands for legal help is usually unnecessary.
Does a Security Researcher role qualify as a specialty occupation for the E-3?
Yes, provided the role requires a bachelor's degree or higher in a directly related field such as computer science, cybersecurity, or information security. Roles focused on vulnerability research, penetration testing, malware analysis, or threat intelligence consistently meet the specialty occupation standard. Generalist IT support roles with a security component typically don't qualify.
How does the E-3 compare to the H-1B for Security Researcher roles?
The E-3 has a 10,500 annual cap that has never been reached, so there's no lottery and no random selection, your application is adjudicated on merit. The H-1B requires surviving a randomized lottery before any review occurs. For Australian security researchers, the E-3 offers a far more predictable path to U.S. employment without the uncertainty of multiple lottery rounds.
Can I switch Security Researcher employers while on an E-3?
Yes, but you need a new LCA certified by the DOL and a new visa stamp reflecting the new employer before you start working. If your current E-3 stamp is still valid for the same role classification, some consulates allow a streamlined interview. Plan for at least a few weeks between offer acceptance and your authorized start date with the new employer.