Senior Network Security Data Scientist
About the role
Who you are
- Degree in Computer Science or related fields, or equivalent experience
- 7+ years of experience in data science or LLM applications with a focus on cybersecurity
- Strong data science skills, including a proven track record applying the techniques to real-world problems
- Understanding of practical networking, security, and their intersection along with an enthusiasm to keep learning about these domains from highly experienced experts
- Experience in Python and data science libraries and tools (Scikit-Learn, Keras, PyTorch, TensorFlow, Pandas, Polars, Spark, DuckDB)
- Experience in LLM frameworks such as LangChain, LangGraph, LlamaIndex, Chroma or similar
- Experience using LLMs to tackle cybersecurity use cases
- Excellent communication skills to work effectively in a team
- Strong appreciation for our core values: low ego results, tireless service, and applied curiosity
- Knowledge of information security processes, especially threat detection and incident response, and of the cybersecurity product landscape
- Experience with local deployments and fine-tuning of Small Language Models (SLMs)
- Experience in designing and implementing data pipelines using DuckDB
- Experience with cloud computing, especially Databricks and AWS Services (EC2, S3, CloudWatch)
- Experience using Docker and/or Kubernetes, and containerized applications
- Experience using feature stores and ML frameworks like Kubeflow, Cortex, Seldon, or BentoML
- Experience with experiment tracking and reproducibility tools
- Experience adopting an Agile development methodology and working in a distributed team
What the job involves
- We are building a world-class and uniquely targeted team to drive research through data science and security expertise
- The ideal candidate will use their strong analytic skills and awareness of network and cloud security data to drive novel, durable, and effective threat detection
- Corelight can define the data our sensors generate, so you will have the opportunity to contribute to how we extend the data itself to enable new types of analysis as needed
- You will be able to look back a year from now and say two things with pride: first, “I helped to build that.” and second, “We are generating insights that no one else in the world has achieved.”
- As a Network Security Data Scientist within Corelight Labs, you will work closely with network security experts and machine learning engineers to develop visibility and detection models and LLM applications for network security
- You will play a crucial role in leveraging data generated from tools like Zeek, Suricata, and Yara to drive our AI/ML product offerings forward
- Contribute to the full range of stages of AI/ML projects, from explorations to productization
- Identify apt opportunities to apply supervised and unsupervised techniques to robustly detect a wealth of behaviors, in the face of a range of real-world constraints
- Build agentic applications and customize LLMs with RAG or fine-tuning to tackle advanced network security use cases
- Leverage network traffic logs to create models for behavioral detection of TTPs with low FP rates
- Evaluate and refine algorithms against data-at-scale gathered from operational environments
- Work with ML engineers and network security experts to implement scalable AI/ML pipelines
- Work in an Agile development team focused on exploring and delivering AI/ML use cases
- Participate in technical discussions within the Labs team and collaborate with other teams across the organization
- Author key materials to (a) share network security insights with the community, and (b) guide analysts in employing the models you develop and lead
The application process
- Towards the end of our interview process is an in-person interview
About Corelight
Corelight transforms network and cloud activity into evidence so that data-first defenders can stay ahead of ever-changing attacks.
Delivered by our open NDR platform, Corelight’s comprehensive, correlated evidence gives you unparalleled visibility into your network. This evidence allows you to unlock new analytics, investigate faster, hunt like an expert, and even disrupt future attacks.
Our on-prem and cloud sensors go anywhere to capture structured, industry-standard telemetry and insights that work with the tools and processes you already use. Corelight’s global customers include Fortune 500 companies, major government agencies, and research universities.
Get started >> https://www.corelight.com/contact