Jobs.ca

Senior Forward Deployed Engineer

Corelight, 12 days ago
Remote
United States, Canada
$153,000 - $188,000/yearly
Senior Level

About the role

Who you are

  • Strong appreciation and support for our core values: low ego results, tireless service, and applied curiosity
  • 7+ years of experience in software deployment, systems engineering, or solutions engineering, with at least 2 years in a customer-facing role
  • Proficiency in Linux/Unix systems, cloud platforms (AWS, Azure, GCP), distributed computing, SQL and NoSQL databases, and scripting (Python, Bash)
  • Experience with network security tools (e.g., Zeek/Bro, Suricata, Wireshark) and NDR/SIEM integrations
  • Knowledge of APIs (REST/GraphQL) and containerization (Docker, Kubernetes)
  • Familiarity with cybersecurity concepts like encrypted traffic analysis, threat hunting, and behavioral detection
  • Excellent communication skills, with the ability to collaborate with technical and non-technical stakeholders and influence solution design
  • Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent experience
  • Experience deploying Corelight products or open-source NDR tools (e.g., Zeek, Suricata)
  • Background in SOC operations, incident response, or threat hunting
  • Familiarity with AWS services (e.g., Lambda, API Gateway, S3) or equivalent cloud technologies
  • Certifications such as CISSP, GIAC, or AWS Certified Solutions Architect
  • Experience in developing and deploying SaaS applications is a huge plus
  • Experience with analytics tools like Splunk or Elasticsearch

What the job involves

  • As a Senior Forward Deployed Engineer on the Corelight Investigator team, you will be a technical bridge between our engineering organization and enterprise customers, deploying and optimizing Corelight’s Open NDR SaaS platform in client environments
  • You will lead on-site or remote deployments, customize solutions to enhance threat hunting and incident response, and ensure seamless integration with customer SOC workflows
  • Collaborating with product, engineering, and sales teams, you’ll drive customer success by delivering scalable, high-impact cybersecurity solutions while providing technical expertise and leadership in high-stakes environments
  • Lead the deployment and configuration of Corelight Investigator, including sensor setup, data ingestion pipelines, and integration with SOC tools (e.g., Splunk, Elastic)
  • Customize and optimize detection rules (e.g., Suricata, YARA, Zeek queries) and machine learning-driven analytics for threat detection, ransomware analysis, and encrypted traffic inspection
  • Develop and implement custom scripts (e.g., Python) to extend Investigator’s capabilities, tailoring solutions to unique customer requirements
  • Provide hands-on support for customer SOC teams during proof-of-concept investigations, demonstrating rapid triage, host isolation, and policy enforcement workflows
  • Augment the development team by contributing to product development activities as necessary
  • Troubleshoot and resolve complex deployment issues in diverse environments (on-premises, cloud, hybrid), ensuring high availability, scalability, and compliance (e.g., GDPR, FedRAMP)
  • Collaborate with product and engineering teams to relay customer feedback, influencing the roadmap for Investigator features like behavioral analytics and cloud security
  • Create deployment documentation, conduct training sessions, and contribute to customer success metrics by meeting deployment SLAs and satisfaction goals
  • Mentor junior engineers and evangelize best practices for deployment, performance optimization, and customer engagement

About Corelight

Computer and Network Security
201-500

Corelight transforms network and cloud activity into evidence so that data-first defenders can stay ahead of ever-changing attacks.

Delivered by our open NDR platform, Corelight’s comprehensive, correlated evidence gives you unparalleled visibility into your network. This evidence allows you to unlock new analytics, investigate faster, hunt like an expert, and even disrupt future attacks.

Our on-prem and cloud sensors go anywhere to capture structured, industry-standard telemetry and insights that work with the tools and processes you already use. Corelight’s global customers include Fortune 500 companies, major government agencies, and research universities.

Get started >> https://www.corelight.com/contact