Professional Services Resident Engineer

By making evidence the heart of security, we help customers stay ahead of ever-changing cyber-attacks. 

Corelight is the cybersecurity company that transforms network and cloud activity into evidence.  Evidence that elite defenders use to proactively hunt for threats, accelerate response to cyber incidents, gain complete network visibility and create powerful analytics using machine-learning and behavioral analysis tools.  Easily deployed, and available in traditional and SaaS-based formats, Corelight is the fastest-growing Network Detection and Response (NDR) platform in the industry.  And we are the only NDR platform that leverages the power of Open Source projects in addition to our own technology to deliver Intrusion Detection (IDS), Network Security Monitoring (NSM), and Smart PCAP solutions.  We sell to some of the most sensitive, mission critical large enterprises and government agencies in the world.

We are looking for a Staff Resident Engineer to join our Professional Services Team, reporting to the Director of Professional Services. In this role, the main focus is to prepare and validate equipment configurations for new installations, develop content for anomaly and hunt detections, assess the overall health of the Corelight infrastructure at the client's location.  

You're the ideal candidate if you are a strategic thinker with a strong networking and security background, work well independently, and are results-driven.

What you'll do: 

• Implementation, integration, and migration planning
• Execute projects in a timely and well communicated manner
• Network-related testing to ensure Corelight products operate correctly
• Validation testing of Corelight products
• Ongoing, informal, knowledge transfer

Support and plan for Corelight migrations, including assistance with:

• Developing strategy and planning for deployment
• Miscellaneous Zeek scripting support 
• Miscellaneous Suricata scripting and tuning
• Participation in Architecture extensions for other functional areas
• Documenting how to export data to the SIEM (Splunk, Elastic, etc)
• Documenting the process for importing of data (MISP, Intel, etc)
• Developing custom content for Hunt based on customer defined use cases
• Developing playbooks for SOC/IR workflow automation based on Corelight data
• Leading project status meetings and wrap-up/post-mortem meetings

Tools development, including:

• Record management process templates and documentation
• Develop tools/scripts as necessary to import/verify data

What you'll bring: 

• US Citizen
• 8+ years of experience
• Extensive experience with a SOC environment 
• Zeek/Corelight experience is a plus
• Security and/or Networking related certification(s)
• Demonstrated expertise in Linux/UNIX, IDS/IPS, SIEM, networking, and service management
• Strong briefing skills; experience interacting with executive level management
• Ad-hoc (as requested) written summary reports on equipment and security problems
• Equipment test plans and results
• Feature and functionality test plans
• Network diagrams
• Operations and support procedures
• Technical input to major service outage root cause analysis and corrective action reports

What success looks like:

In the first six months, you will...

• Become integrated with your customer and Corelight processes and procedures
• Understand your customer's technical needs and requirements and recommend solutions
• Work directly with your Corelight team and manager on potential up-sell of products
• Complete all required Corelight federal and technical training

After the first year, you will...

• Receive successful customer satisfaction surveys
• Work toward renewal of the Resident Engineer