Corelight
Infrastructure Engineer/SRE
Job Summary
Corelight is seeking a candidate to work on security-focused network detection and response systems, including building and maintaining distributed research platforms and automation tools. The role involves working with cloud services, open source technologies, and programming in languages such as Go, Python, and Typescript. Candidates should have experience with network security monitoring, intrusion detection, and distributed systems. The company values diversity, low-ego results, and customer service, offering remote work and opportunities for growth within a fast-expanding team.
Required Skills
Benefits
Job Description
By making evidence the heart of security, we help customers stay ahead of ever-changing cyber-attacks.
Corelight is the cybersecurity company that transforms network and cloud activity into evidence. Evidence that elite defenders use to proactively hunt for threats, accelerate response to cyber incidents, gain complete network visibility and create powerful analytics using machine-learning and behavioral analysis tools. Easily deployed, and available in traditional and SaaS-based formats, Corelight is the fastest-growing Network Detection and Response (NDR) platform in the industry. And we are the only NDR platform that leverages the power of Open Source projects in addition to our own technology to deliver Intrusion Detection (IDS), Network Security Monitoring (NSM), and Smart PCAP solutions. We sell to some of the most sensitive, mission critical large enterprises and government agencies in the world.
Our Chief Scientist wrote Zeek (old Bro). He runs our team and is a hell of a guy. We've got a great director too. Our researchers build network detection features that run on and beside Zeek and Suricata both on the sensors and cloud. We try to build the infra and tools to help.
- We are building a distributed research platform for the Corelight Labs team to test detections and ML.
- We call that platform Polaris.
- Its made of up of real metal and a bit of cloud too (AWS, Azure).
- Polaris is monitored with Zeek, Prometheus, Alertmanager and can be visualized with Grafana.
- We run long-lived services on Kubernetes in EKS.
- We write our tools and automation in Go, Python, Typescript, Bash and loads of Git.
- We use GitOps to coordinate our automation and construct self-service tooling.
- We work closely with our SaaS, Security, Success and Engineering teams.
- We're small and try to support a greater team of ~35.
The Good
- We work with and support an amazing team of very smart, capable and genuinely fantastic people.
- Corelight is based in the Bay Area, but we're remote. Our team spans the globe.
- We usually get together in person once a year in person.
- We're growing our deployments. We’re planning on doubling our PoPs by 2025.
The Bad
- Standing up new PoPs can be slow. Lots of Layer 8 (TM)
The Ugly
- Managing distributed systems is tough. Sometimes administration is a pain.
Some of our upcoming projects:
- Collect system logs (eg: fluentd), consolidate to humio
- Loads of GItOps opportunities to automate work on the Platform
- Replace Duo MFA with YubiKey
- Scale our Wireguard hub deployment horizontally
- More resilient spokes in WG hub-and-spoke topology
A note on experience
We are proud of our culture and values - driving diversity of background and thought, low-ego results, applied curiosity and tireless service to our customers and community. Corelight is committed to a geographically dispersed yet connected employee base with employees working from home and office locations around the world. Fueled by an accelerating revenue stream, and investments from top-tier venture capital organizations such as Crowdstrike, Accel and Insight - we are rapidly expanding our team.
Check us out at www.corelight.com
Notice of Pay Transparency:
The compensation for this position may vary depending on factors such as your location, skills and experience. Depending on the nature and seniority of the role, a percentage of compensation may come in the form of a commission-based or discretionary bonus. Equity and additional benefits will also be awarded.
Corelight
Disrupt future attacks with complete network visibility, next-level analytics, faster investigations, and expert threat hunting.
See more jobsSafe Remote Job Search Tips
Verify Employer Thoroughly
Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.
Never Pay to Get a Job
Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.
Safeguard Your Personal Information
Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.
Scrutinize Communication & Interviews
Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.
Beware of Unrealistic Offers
If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.
Insist on a Formal Contract
Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.