Security Researcher
North America
Corelight
Disrupt future attacks with complete network visibility, next-level analytics, faster investigations, and expert threat hunting.
Corelight is an early-stage cybersecurity startup based in downtown San Francisco, with offices in Columbus, OH and Santa Clara, CA. We secure some of the most sensitive and mission-critical networks in the world, and our rapidly growing customer base includes eight of the Fortune 50. We help our customers know their networks better than anyone else, delivering insight that dramatically shifts the way that SOCs react to, and defend against, attacks. Corelight provides vital assistance at every phase, from alert to response and beyond, through rich, structured, pivotable data.
Our culture is open and accepting. We incorporate data, ideas, and evidence from anywhere, and use them to drive success. We take thoughtful risks and build on each other’s work to uncover the best ideas. We serve our customers, the open-source community, and each other.
Role and Opportunity
We are building a world class and uniquely targeted team to drive research through data science. The ideal candidate will use their strong data science skills and an awareness of network security data to drive novel, durable, and effective threat detection. Beyond that, this person will define and build the data science technology stack needed to both build the team and enable new data-driven insights. Most uniquely, because Corelight can define the data our sensors generate, you will be able to help scope how we extend the data itself to enable new types of analysis as needed. You will be able to look back a year from now and say two things with pride: first, “I helped to build that.” and second, “We are generating insights that no one else in the world has achieved.”
Opportunity
- Work with Vern Paxson (creator of Zeek, UC Berkeley Professor and world renowned network security researcher) and with a world-class team of network security experts
- Analyze TTPs (using live network traffic) to create data-driven, tunable models for behavioral detection with low FP rates. Iterate those models based on customer engagement
- Specify improvements to the data itself (e.g. new / different protocol parsers, data augmentation) that will enable unique insights and superior threat detection
- Drive advances in the analytics tools and frameworks (e.g. across structured detection algorithms, machine learning, artificial intelligence, behavioral analysis) both for our growing research team and in the Corelight Sensor, to create and execute those models
- Work closely with product management and engineering to guide implementation of the data and analytics improvements into the core product
- Author key materials to (a) share attack insights with the security community, and (b) guide customers in employing your security models
Qualifications
- MS in Computer Science, Engineering, or equivalent experience
- Analysis: Strong structural modeling, machine learning and/or statistical modeling expertise, including applying the techniques to real world problems. Experience with tools and environments such as R, Python/Pandas, Matlab/Octave, Tensorflow, Spark
- Security: Knowledge of corporate security investigation and incident response processes, along with malware detection and mitigation technologies. Awareness of threat TTPs, including the MITRE ATT&CK Framework
- Networking: Working knowledge of networking concepts and network protocols such as TCP/IP, HTTP, TLS, RPC, DNS, SMB, Kerberos
- Cloud: Working knowledge of cloud infrastructure such as containerization, deployment via infrastructure as code, service meshes
- Coding: Experience coding across common languages
A note on experience
We understand that no candidate is perfectly qualified for any job. Experience comes in different forms; many skills are transferable; and passion goes a long way. Even more important than your resume is a clear demonstration of dedication, impact, and the ability to thrive in a fluid and collaborative environment. We want you to learn new things in this role, and we encourage you to apply if your experience is close to what we’re looking for.
We also know that diversity of background and thought makes for better problem solving and more creative thinking, which is why we're dedicated to adding new perspectives to the team.
Working at Corelight
In addition to helping to make networks safer around the world, Corelight is a great place to work. We provide competitive salaries, equity and benefits, but those are just table stakes. No matter where you're based, we aspire to make working here one of the best experiences of your career.
Tags: Analytics Artificial Intelligence Cloud Computer Science DNS Incident response Kerberos Machine Learning Malware Matlab MITRE ATT&CK Network security Octave Python TCP/IP Threat detection TLS TTPs
Perks/benefits: Career development Competitive pay Startup environment