Security Researcher - Cloud


Corelight logo


Disrupt future attacks with complete network visibility, next-level analytics, faster investigations, and expert threat hunting.
Find more jobs like this

By making evidence the heart of security, we help customers stay ahead of ever-changing cyber-attacks. 

Corelight is the cybersecurity company that transforms network and cloud activity into evidence.  Evidence that elite defenders use to proactively hunt for threats, accelerate response to cyber incidents, gain complete network visibility and create powerful analytics using machine-learning and behavioral analysis tools.  Easily deployed, and available in traditional and SaaS-based formats, Corelight is the fastest-growing Network Detection and Response (NDR) platform in the industry.  And we are the only NDR platform that leverages the power of Open Source projects in addition to our own technology to deliver Intrusion Detection (IDS), Network Security Monitoring (NSM), and Smart PCAP solutions.  We sell to some of the most sensitive, mission critical large enterprises and government agencies in the world.

Role and Opportunity

We are building a world class and uniquely targeted team to drive research through data science. The ideal candidate will use their strong data science skills and an awareness of network security data to drive novel, durable, and effective threat detection. Beyond that, this person will define and build the data science technology stack needed to both build the team and enable new data-driven insights. Most uniquely, because Corelight can define the data our sensors generate, you will be able to help scope how we extend the data itself to enable new types of analysis as needed. You will be able to look back a year from now and say two things with pride: first, “I helped to build that.” and second, “We are generating insights that no one else in the world has achieved.”


  • Work with Vern Paxson (creator of Zeek, UC Berkeley Professor and world renowned network security researcher) and with a world-class team of network security experts
  • Analyze TTPs (using live network traffic) to create data-driven, tunable models for behavioral detection with low FP rates. Iterate those models based on customer engagement
  • Specify improvements to the data itself (e.g. new / different protocol parsers, data augmentation) that will enable unique insights and superior threat detection
  • Drive advances in the analytics tools and frameworks (e.g. across structured detection algorithms, machine learning, artificial intelligence, behavioral analysis) both for our growing research team and in the Corelight Sensor, to create and execute those models
  • Work closely with product management and engineering to guide implementation of the data and analytics improvements into the core product
  • Author key materials to share (a) attack insights with the security community, and (b) guide customers in employing your security models


  • MS in Computer Science, Engineering, or equivalent experience.  Cloud security certifications are preferred
  • Cloud: Strong knowledge of building and securing cloud environments both virtual and containerized.  Working knowledge of investigation and incident response processes for cloud environments.  AWS experience is preferred 
  • Analysis: Strong structural modeling, machine learning and/or statistical modeling expertise, including applying the techniques to real world problems. Experience with tools and environments such as R, Python/Pandas, Matlab/Octave, Tensorflow, Spark
  • Security: Knowledge of corporate security investigation and incident response processes, especially in cloud environments. Awareness of threat TTP’s including the MITRE ATT&CK Framework
  • Networking: Working knowledge of networking concepts and network protocols such as TCP/IP, HTTP, TLS, RPC, DNS, SMB, Kerberos
  • Cloud Operations: Working knowledge of cloud infrastructure such as containerization, deployment via infrastructure as code, service meshes
  • Coding: Experience coding across common languages

A note on experience

We understand that no candidate is perfectly qualified for any job. Experience comes in different forms; many skills are transferable; and passion goes a long way. Even more important than your resume is a clear demonstration of skill, dedication, and the ability to thrive in a fluid and collaborative environment. We want you to learn new things in this role, and we encourage you to apply if your experience is close to what we’re looking for.

Diversity of background and thought makes for better problem solving and more creative thinking, which is why we're dedicated to adding new perspectives to the team.

Working at Corelight 

We are proud of our culture and values - driving diversity of background and thought, low-ego results, applied curiosity and tireless service to our customers and community.  Corelight is committed to a geographically dispersed yet connected employee base with employees working from home and office locations around the world.  Fueled by an accelerating revenue stream, and investments from top-tier venture capital organizations such as Crowdstrike, Accel and Insight - we are rapidly expanding our team.  


Check us out at


Tags: Analytics Artificial Intelligence AWS Cloud Computer Science DNS IDS Incident response Intrusion detection Kerberos Machine Learning Matlab MITRE ATT&CK Monitoring Network security NSM Octave Open Source PCAP Python SaaS TCP/IP Threat detection TLS TTPs

Region: Remote/Anywhere
Job stats:  28  3  0

Other jobs like this

Explore more Cybersecurity career opportunities

Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.