What are the responsibilities and job description for the Professional Services Engineer - (TS/SCI Full Poly) with Security Clearance position at Corelight?
Summary
Do you want to help make the world safe from cyber attack? At Corelight, we believe that the best approach to cybersecurity risk starts with the network. Attackers can evade endpoint detection, firewalls and many other technologies - but they can’t avoid leaving digital footprints on the networks they traverse. Built on open-source innovations from Zeek, Suricata and YARA and refined through years of real-world use, Corelight transforms network footprints from physical, virtual and cloud networks into actionable insights. Our customers use these insights to speed incident response and proactively hunt for threats. Job Summary:
We are currently seeking a Staff Resident PSE to join our Federal Professional Services team, reporting to the manager of Professional Services. This role would be based in DC, Maryland, Virginia (DMV) area and requires a TS/SCI Clearance with Full Scope Polygraph. In this role, the main focus is to prepare and validate equipment configurations for new installations, develop content for anomaly and hunt detections, assess the overall health of the Corelight infrastructure at the client’s location. You’re the ideal candidate if you are a strategic thinker with a strong networking and security background, work well independently, and are results-driven. Key Responsibilities: Help customers improve their cybersecurity posture, with a particular focus on process
optimization
Help investigate incidents
Educate on Zeek Log use, including as it relates to Corelight Suricata alerts
Design and implement technical solutions with ecosystem partners (packet brokers,
asset managers, SOAR systems, etc.)
Implement queries and dashboards in SIEMs - Splunk, Elastic, Humio, etc.
Influence customers and Corelight teams and be seen as a technical expert
Conduct network-related testing to ensure Corelight products operate correctly
Perform validation testing of Corelight products
Provide ongoing, informal, knowledge transfer
Collaborate with product management on product features/integrations
Work with back-end tools like Kafka and Logstash
Documenting the process for importing of data (MISP, Intel, etc)
Developing custom content for threat hunting use cases as defined by the customer
Developing playbooks for SOC/IR workflow automation based on Corelight data
Ad-hoc (as requested) written summary reports on equipment and security problems
Technical input to major service outage root cause analysis and corrective action reports
Leading project status meetings and wrap-up/post-mortem meetings
Some on-site work required Qualifications: US Citizen
TS/SCI Full Scope Poly Required
5 years of experience in cybersecurity (Prior startup experience preferred)
Extensive experience with a SOC environment
Zeek/Corelight experience is a plus
Security and/or Networking related certification(s)
Demonstrated expertise in Windows/MacOS/Linux/Unix operating systems, IDS/IPS,
Network administration, firewall configuration, and strong knowledge of TCP/IP
SIEM Experience (Splunk Required, Others a Bonus)
Scripting in (some of) Zeek, Bash, Python, Perl, Powershell, etc.
Strong briefing skills; experience interacting with SES/general officer-level management
Fueled by investments from top-tier venture capital organizations such as Crowdstrike, Accel and Insight, Corelight is the fastest growing network detection and response platform in the industry. Our customers trust us to protect mission-critical assets in leading enterprises, government, and research institutions worldwide. We are leading the way with AI-assisted workflows, machine learning models, cloud security and SaaS-based solutions to arm defenders with the tools and knowledge they need to disrupt cyber attacks. Our team of passionate innovators are dedicated to solving some of the toughest challenges in cybersecurity, while fostering a collaborative, inclusive, and growth-oriented culture. Corelight is committed to a geographically distributed yet connected employee base with employees working from home and office locations around the world. At Corelight, we take pride in the diversity of our backgrounds and perspectives, and we are committed to fostering an inclusive environment that strengthens our company.
Do you want to help make the world safe from cyber attack? At Corelight, we believe that the best approach to cybersecurity risk starts with the network. Attackers can evade endpoint detection, firewalls and many other technologies - but they can’t avoid leaving digital footprints on the networks they traverse. Built on open-source innovations from Zeek, Suricata and YARA and refined through years of real-world use, Corelight transforms network footprints from physical, virtual and cloud networks into actionable insights. Our customers use these insights to speed incident response and proactively hunt for threats. Job Summary:
We are currently seeking a Staff Resident PSE to join our Federal Professional Services team, reporting to the manager of Professional Services. This role would be based in DC, Maryland, Virginia (DMV) area and requires a TS/SCI Clearance with Full Scope Polygraph. In this role, the main focus is to prepare and validate equipment configurations for new installations, develop content for anomaly and hunt detections, assess the overall health of the Corelight infrastructure at the client’s location. You’re the ideal candidate if you are a strategic thinker with a strong networking and security background, work well independently, and are results-driven. Key Responsibilities: Help customers improve their cybersecurity posture, with a particular focus on process
optimization
Help investigate incidents
Educate on Zeek Log use, including as it relates to Corelight Suricata alerts
Design and implement technical solutions with ecosystem partners (packet brokers,
asset managers, SOAR systems, etc.)
Implement queries and dashboards in SIEMs - Splunk, Elastic, Humio, etc.
Influence customers and Corelight teams and be seen as a technical expert
Conduct network-related testing to ensure Corelight products operate correctly
Perform validation testing of Corelight products
Provide ongoing, informal, knowledge transfer
Collaborate with product management on product features/integrations
Work with back-end tools like Kafka and Logstash
Documenting the process for importing of data (MISP, Intel, etc)
Developing custom content for threat hunting use cases as defined by the customer
Developing playbooks for SOC/IR workflow automation based on Corelight data
Ad-hoc (as requested) written summary reports on equipment and security problems
Technical input to major service outage root cause analysis and corrective action reports
Leading project status meetings and wrap-up/post-mortem meetings
Some on-site work required Qualifications: US Citizen
TS/SCI Full Scope Poly Required
5 years of experience in cybersecurity (Prior startup experience preferred)
Extensive experience with a SOC environment
Zeek/Corelight experience is a plus
Security and/or Networking related certification(s)
Demonstrated expertise in Windows/MacOS/Linux/Unix operating systems, IDS/IPS,
Network administration, firewall configuration, and strong knowledge of TCP/IP
SIEM Experience (Splunk Required, Others a Bonus)
Scripting in (some of) Zeek, Bash, Python, Perl, Powershell, etc.
Strong briefing skills; experience interacting with SES/general officer-level management
Fueled by investments from top-tier venture capital organizations such as Crowdstrike, Accel and Insight, Corelight is the fastest growing network detection and response platform in the industry. Our customers trust us to protect mission-critical assets in leading enterprises, government, and research institutions worldwide. We are leading the way with AI-assisted workflows, machine learning models, cloud security and SaaS-based solutions to arm defenders with the tools and knowledge they need to disrupt cyber attacks. Our team of passionate innovators are dedicated to solving some of the toughest challenges in cybersecurity, while fostering a collaborative, inclusive, and growth-oriented culture. Corelight is committed to a geographically distributed yet connected employee base with employees working from home and office locations around the world. At Corelight, we take pride in the diversity of our backgrounds and perspectives, and we are committed to fostering an inclusive environment that strengthens our company.
