Senior Threat Researcher

At Corelight, we don't just find threats; we decode the language of the network to stay steps ahead of the adversary. As a Senior Threat Researcher, you sit at the strategic intersection of our Detection Engineering and Machine Learning (ML) teams. You are the "expert bridge"—translating complex attacker behaviors into the high-fidelity data signals that power our advanced AI models. By leveraging your deep understanding of network traffic and threat actor psychology, you will guide our data scientists to solve concrete security challenges, ensuring our detections are not just innovative, but devastatingly effective against real-world attacks.

Specific Responsibilities:

• Architect AI-Driven Detections: Lead the independent delivery of high-quality research and code for complex network detections, authoring clear design documents that articulate technical trade-offs to stakeholders.
• Bridge Detection & Data Science: Act as the network security subject matter expert for ML/AI teams, pinpointing critical signals within telemetry (Zeek, NetFlow, PCAPs) to drive feature engineering and model training.
• Simulate Adversary Behavior: Utilize offensive frameworks like Caldera and Cobalt Strike to generate the synthetic lab data necessary to train and validate robust, real-world ML models.
• Roadmap Alignment: Align individual research and prototyping tasks with quarterly milestones and the overarching 12-month roadmap to ensure maximum product impact.
• Optimize Research Workflows: Identify gaps in current processes and actively propose improvements to team-level tools, testing frameworks, and documentation to increase overall velocity.
• Mentor and Uplevel: Guide newer team members and interns through technical workflows and conduct constructive research reviews to maintain a high standard of collective output.

Knowledge/Skills/Abilities needed to be successful:

• Network Protocol Mastery: Deep competence in the OSI model and TCP/IP, with the ability to map emerging adversary tactics to quantitative detection strategies across protocols like HTTP/S, DNS, SMB, and TLS.
• Data Science Translation: A strong understanding of the practical application of ML for behavioral data, including the ability to navigate challenges like model drift, false positives, and latency.
• Network Telemetry Expertise: Proficiency in extracting and transforming network logs (Zeek, Suricata) using Python and SQL to identify subtle indicators of C2 beaconing or lateral movement.
• Offensive Security Insight: Familiarity with Red Team operations and the ability to reverse-engineer attacker behaviors into programmatic detection logic.
• Product-Centered Thinking: The ability to navigate ambiguity and ensure technical research projects directly support long-term product objectives and milestones.
• Effective Technical Liaison: A proactive communicator who can simplify complex AI concepts for security stakeholders while providing deep domain context to data science peers.
• Collaborative Mentorship: A low-ego approach to peer review and a commitment to elevating team capability through shared knowledge and constructive feedback.

Qualifications/Requirements:

• Professional Experience: 5+ years of experience in Threat Research, Detection Engineering, or Network Threat Hunting.
• Technical Proficiency: Extensive experience analyzing network traffic with Zeek/Bro, Suricata, and Wireshark.
• Scripting & Data: Strong working knowledge of Python and SQL for manipulating and analyzing massive datasets.
• Security Domain Knowledge: Proficiency in mapping detections to the MITRE ATT&CK framework and simulating threats with offensive security tools.
• Autonomy: Demonstrated ability to act independently on moderate-to-complex projects, exercising strong judgment in selecting technical methods.
• Education: Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Data Science, or equivalent practical experience.