Threat Researcher - Corelight San Francisco, CA, USA Bookmark Share Print 708 11 20

Listing Description

Corelight is an early-stage security startup based in downtown San Francisco and Columbus, OH. We secure some of the most sensitive and mission-critical networks in the world, and our rapidly-growing customer base includes eight of the Fortune 50. Based on the Zeek Network Security Monitor, a beloved and widely used open-source framework, Corelight Sensors transform high-volume network traffic into ‘rocket fuel’ for security analytics and operations. Following in the footsteps of successful open-source security companies such as Sourcefire and Tenable, Corelight's unfair market advantages include its founders: the inventor of Zeek and its key open-source committers. Join Corelight, and help us make the world's networks safer.

Role and Opportunity

We are building a world class and uniquely targeted team to drive threat research through data science. The ideal person - a founding member of this team - will use their strong data science skills and an awareness of network security data to drive novel, durable, and effective threat detection. Beyond that, this person will define and build the data science technology stack needed to both build the team and enable new data-driven insights. Most uniquely, because Corelight can define the data our sensors generate, you will be able to help scope how we extend the data itself to enable new types of analysis as needed. You will be able to look back a year from now and say two things with pride: first, “I helped build that from the ground up” and second, “we are generating insight that no one else in the world has achieved.”Opportunity:

*Work with Vern Paxson (creator of Bro, UC Berkeley Professor and world renowned network security researcher) and with mentorship from Richard Bejtlich (famed threat defense thought leader)

*Analyze TTPs (using live network traffic) to create data-driven, tunable models for behavioral detection with low FP rates. Iterate those models based on customer engagement.

*Specify improvements to the data itself (new / different parsers, data augmentation, etc) that will enable unique insights and superior threat detection

*Drive advances in the analytics tools and frameworks (across structured detection algorithms, machine learning, artificial intelligence, behavioral analysis, etc) both for our growing threat research team and in the Corelight Sensor, to create and execute those models

*Work closely with product management and engineering to guide implementation of the data and analytics improvements into the core product

*Author key materials to share (a) attack insights with the security community, and (b) guide customers in employing your security models.

Qualifications:

MS/PhD in Computer Science, Engineering, or similar computational discipline, e.g. physics, mathematics, or statistics (or equivalent experience)

Analysis: Strong structural modeling, machine learning and/or statistical modeling expertise, including applying the techniques to real world problems. Experience with tools and environments such as R, Python/Pandas, Matlab/Octave, Tensorflow, Spark, Map Reduce, SQL / noSQL

Security: Knowledge of corporate security investigation and incident response processes, along with malware detection and mitigation technologies. Awareness of threat TTP’s including the MITRE ATT&CK Framework.

Networking: Working knowledge of networking and network application concepts: TCP/IP, HTTP, TLS, RPC, DNS, SMB, Kerberos, etc.

Coding: Experience coding across common languages