Be part of the team that defends the networks the world depends on

Corelight defends the world’s most sensitive networks—from global commerce to national defense—quietly, relentlessly, and with resolve. As cyber threats grow faster and smarter, we serve as the trusted force behind network resilience, putting elite defense within reach.

By transforming digital footprints from physical, virtual, and cloud networks into actionable insights, we empower defenders to illuminate blind spots and stay ahead of an evolving threat landscape. Built on open-source innovations and fueled by industry leading agentic AI technology, Corelight helps teams to detect advanced threats and close cases with unprecedented clarity and precision.

We are seeking a practitioner ready to make the move from the SOC to the classroom. Someone with genuine operational experience who has started finding ways to share what they know, and wants to build a career around it. You'll work alongside senior instructors to develop curriculum and run live training events, taking on increasing ownership as you grow in the role.

Responsibilities:

Contribute to curriculum development, keeping material current with real-world network-based attack patterns you've encountered operationally
Help build hands-on lab environments and CTF challenges that reflect realistic adversary behavior, not textbook scenarios
Co-facilitate and independently lead training sessions (virtual and in-person) for technically experienced audiences
Develop recorded, on-demand curriculum
Administer and optimize Learning Management Systems (Skilljar experience is a plus)
Educate students on the use and application of Corelight for threat hunting,incident response, and detection engineering
Use AWS and scripting to help maintain and improve lab infrastructure and provisioning workflows
Up to 50% travel expected

Qualifications:

3 to 5 years of hands-on experience in a SOC Tier II role, Incident Response, or threat hunting
1 to 2 years in mentorship, internal training, content creation, or knowledge-sharing in a security context
Familiarity with the MITRE ATT&CK framework applied to real investigations, not just as a reference
Meaningful experience with Zeek logs; you can follow an attack through the data and explain what you're seeing
Working knowledge of Suricata or Snort, including rules creation
Experience with at least one SIEM platform (Splunk, Elastic, or Sentinel)
Solid TCP/IP fundamentals and comfort reading packet captures
Windows/MacOS/Linux/Unix administration experience
Scripting ability in Python, Bash, Zeek-script, or PowerShell
Excellent verbal and written communication skills
Bachelor's degree in a technical field or equivalent experience
Prior startup experience preferred

Notice of Pay Transparency:
The compensation for this position may vary depending on factors such as your location, skills and experience. Depending on the nature and seniority of the role, a percentage of compensation may come in the form of a commission-based or discretionary bonus. Equity and additional benefits will also be awarded.

Compensation Range

$107,000—$153,000 USD

Why Join Us?

Fueled by investments from top-tier venture capital organizations such as Crowdstrike, Accel and Insight, Corelight is one of the fastest growing network detection and response platforms in the industry. Our passionate team thrives in a collaborative, inclusive, and geographically distributed culture. We embrace diverse perspectives, neurodiversity, curiosity and low ego results - fostering an environment where every innovator can solve the toughest challenges in cybersecurity and contribute their best work.

We are looking forward to meeting you. Check us out at www.corelight.com

Network Security Trainer

Job Details

Tools & Tech