Network Security Data Scientist

North America

Corelight

Disrupt future attacks with complete network visibility, next-level analytics, faster investigations, and expert threat hunting.


Do you want to help make the world safe from cyber attack? 

At Corelight, we believe that the best approach to cybersecurity risk starts with the network.  Attackers can evade endpoint detection, firewalls and many other technologies - but they can’t avoid leaving digital footprints on the networks they traverse.  Built on open-source innovations from Zeek, Suricata and YARA and refined through years of real-world use,  Corelight transforms network footprints from physical, virtual and cloud networks into actionable insights.   Our customers use these insights to speed incident response and proactively hunt for threats.  

We are building a world-class and uniquely targeted team to drive research through data science and security expertise. The ideal candidate will use their strong analytic skills and awareness of network and cloud security data to drive novel, durable, and effective threat detection. Corelight can define the data our sensors generate; you will have the opportunity to contribute to how we extend the data itself to enable new types of analysis as needed. You will be able to look back a year from now and say two things with pride: first, “I helped to build that.” and second, “We are generating insights that no one else in the world has achieved.”

 

As a Network Security Data Scientist within Corelight Labs, you will work closely with network security experts and machine learning engineers to develop visibility and detection models and LLM applications for network security. You will play a crucial role in leveraging data generated from tools like Zeek, Suricata, and YARA to drive our AI/ML product offerings forward.

Responsibilities

  • Contribute to the full range of stages of AI/ML projects, from explorations to productization.

  • Identify apt opportunities to apply supervised and unsupervised techniques to robustly detect a wealth of behaviors, in the face of a range of real-world constraints

  • Build agentic applications and customize LLMs with RAG or fine-tuning to tackle advanced network security use cases.

  • Leverage network traffic logs to create models for behavioral detection of TTPs with low FP rates.

  • Evaluate and refine algorithms against data-at-scale gathered from operational environments. 

  • Work with ML engineers and network security experts to implement scalable AI/ML pipelines.

  • Work in an Agile development team focused on exploring and delivering AI/ML use cases.

  • Participate in technical discussions within the Labs team and collaborate with other teams across the organization.

  • Author key materials to (a) share network security insights with the community, and (b) guide analysts in employing the models you develop and lead.

Minimum Qualifications

  • Degree in Computer Science or related fields, or equivalent experience.

  • 3+ years of experience in data science or LLM applications with a focus on cybersecurity.

  • Strong data science skills, including a proven track record applying the techniques to real-world problems.

  • Understanding of practical networking, security, and their intersection along with an enthusiasm to keep learning about these domains from highly experienced experts.

  • Experience in Python and data science libraries and tools (Scikit-Learn, Keras, PyTorch, Tensorflow, Pandas, Polars, Spark, DuckDB).

  • Experience in LLM frameworks such as langchain, langgraph, llamaindex, chroma or similar.

  • Experience using LLMs to tackle cybersecurity use cases.

  • Excellent communication skills to work effectively in a team.

  • Strong appreciation for our core values: low ego results, tireless service, and applied curiosity.

Preferred Qualifications

  • Knowledge of information security processes; especially threat detection and incident response, and of the cybersecurity product landscape.

  • Experience with local deployments and fine-tuning of Small Language Models (SLMs).

  • Experience in designing and implementing data pipelines using DuckDB.

  • Experience with cloud computing, especially Databricks and AWS Services (EC2, S3, Cloudwatch)

  • Experience using Docker and/or Kubernetes, and containerized applications.

  • Experience using feature stores and ML frameworks like Kubeflow, Cortex, Seldon, or BentoML.

  • Experience with experiment tracking and reproducibility tools.

  • Experience adopting an Agile development methodology and working in a distributed team.

 

Fueled by investments from top-tier venture capital organizations such as CrowdStrike, Accel and Insight, Corelight is the fastest growing network detection and response platform in the industry. Our customers trust us to protect mission-critical assets in leading enterprises, government, and research institutions worldwide. We are leading the way with AI-assisted workflows, machine learning models, cloud security and SaaS-based solutions to arm defenders with the tools and knowledge they need to disrupt cyber attacks. Our team of passionate innovators is dedicated to solving some of the toughest challenges in cybersecurity, while fostering a collaborative, inclusive, and growth-oriented culture. Corelight is committed to a geographically distributed yet connected employee base with employees working from home and office locations around the world. At Corelight, we are proud of our diversity of background and thought, and we’re united by our strong shared culture and values.

We are looking forward to meeting you.  Check us out at www.corelight.com

 

Notice of Pay Transparency:
The compensation for this position may vary depending on factors such as your location, skills and experience. Depending on the nature and seniority of the role, a percentage of compensation may come in the form of a commission-based or discretionary bonus. Equity and additional benefits will also be awarded.

Compensation Range: $153,000 to $188,000 USD
Category: NetSec Jobs

Tags: Agile APT AWS Cloud Computer Science CrowdStrike Databricks Docker EC2 Firewalls Incident response Kubernetes LLMs Machine Learning Network security Python S3 SaaS Threat detection TTPs

Perks/benefits: Career development Equity / stock options Salary bonus

Region: North America
