Senior Threat Researcher

Corelight defends the world’s most sensitive networks—from global commerce to national defense—quietly, relentlessly, and with resolve. As cyber threats grow faster and smarter, we serve as the trusted force behind network resilience, putting elite defense within reach.

By transforming digital footprints from physical, virtual, and cloud networks into actionable insights, we empower defenders to illuminate blind spots and stay ahead of an evolving threat landscape. Built on open-source innovations and fueled by industry leading agentic AI technology, Corelight helps teams to detect advanced threats and close cases with unprecedented clarity and precision.

• →Architect AI-Driven Detections: Lead the independent delivery of high-quality research and code for complex network detections, authoring clear design documents that articulate technical trade-offs to stakeholders.
• →Bridge Detection & Data Science: Act as the network security subject matter expert for ML/AI teams, pinpointing critical signals within telemetry (Zeek, NetFlow, PCAPs) to drive feature engineering and model training.
• →Simulate Adversary Behavior: Utilize offensive frameworks like Caldera and Cobalt Strike to generate the synthetic lab data necessary to train and validate robust, real-world ML models.
• →Roadmap Alignment: Align individual research and prototyping tasks with quarterly milestones and the overarching 12-month roadmap to ensure maximum product impact.
• →Optimize Research Workflows: Identify gaps in current processes and actively propose improvements to team-level tools, testing frameworks, and documentation to increase overall velocity.
• →Mentor and Uplevel: Guide newer team members and interns through technical workflows and conduct constructive research reviews to maintain a high standard of collective output.

• Network Protocol Mastery: Deep competence in the OSI model and TCP/IP, with the ability to map emerging adversary tactics to quantitative detection strategies across protocols like HTTP/S, DNS, SMB, and TLS.
• Data Science Translation: A strong understanding of the practical application of ML for behavioral data, including the ability to navigate challenges like model drift, false positives, and latency.
• Network Telemetry Expertise: Proficiency in extracting and transforming network logs (Zeek, Suricata) using Python and SQL to identify subtle indicators of C2 beaconing or lateral movement.
• Offensive Security Insight: Familiarity with Red Team operations and the ability to reverse-engineer attacker behaviors into programmatic detection logic.
• Product-Centered Thinking: The ability to navigate ambiguity and ensure technical research projects directly support long-term product objectives and milestones.
• Effective Technical Liaison: A proactive communicator who can simplify complex AI concepts for security stakeholders while providing deep domain context to data science peers.
• Collaborative Mentorship: A low-ego approach to peer review and a commitment to elevating team capability through shared knowledge and constructive feedback.

• Professional Experience: 5+ years of experience in Threat Research, Detection Engineering, or Network Threat Hunting.
• Technical Proficiency: Extensive experience analyzing network traffic with Zeek/Bro, Suricata, and Wireshark.
• Scripting & Data: Strong working knowledge of Python and SQL for manipulating and analyzing massive datasets.
• Security Domain Knowledge: Proficiency in mapping detections to the MITRE ATT&CK framework and simulating threats with offensive security tools.
• Autonomy: Demonstrated ability to act independently on moderate-to-complex projects, exercising strong judgment in selecting technical methods.
• Education: Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Data Science, or equivalent practical experience.

Fueled by investments from top-tier venture capital organizations such as Crowdstrike, Accel and Insight, Corelight is the fastest growing network detection and response platform in the industry. Our customers trust us to protect mission-critical assets in leading enterprises, government, and research institutions worldwide. We are leading the way with AI-assisted workflows, machine learning models, cloud security and SaaS-based solutions to arm defenders with the tools and knowledge they need to disrupt cyber attacks. Our team of passionate innovators are dedicated to solving some of the toughest challenges in cybersecurity, while fostering a collaborative, inclusive, and growth-oriented culture. Corelight is committed to a geographically distributed yet connected employee base with employees working from home and office locations around the world. At Corelight, we take pride in the diversity of our backgrounds and perspectives, and we are committed to fostering an inclusive environment that strengthens our company. By embracing a wide range of experiences, backgrounds, neurodiversity, talents, and approaches to problem-solving, we aim to create a workplace where everyone can thrive and contribute their best.

We are looking forward to meeting you. Check us out at www.corelight.com