Professional Services Engineer - (TS/SCI Full Poly)

Job Description

Corelight is seeking a Staff Resident Professional Services Engineer to join its Federal Professional Services team. This role, reporting to the manager of Professional Services, is based in the DC, Maryland, Virginia (DMV) area and requires a TS/SCI Clearance with Full Scope Polygraph. The ideal candidate will be a strategic thinker with a strong networking and security background, capable of working independently and driven by results. Responsibilities:

• Help customers improve their cybersecurity posture, with a particular focus on process optimization.
• Help investigate incidents.
• Educate on Zeek Log use, including as it relates to Corelight Suricata alerts.
• Design and implement technical solutions with ecosystem partners.
• Implement queries and dashboards in SIEMs - Splunk, Elastic, Humio, etc.
• Influence customers and Corelight teams and be seen as a technical expert.
• Conduct network-related testing to ensure Corelight products operate correctly.
• Perform validation testing of Corelight products.
• Provide ongoing, informal, knowledge transfer.
• Collaborate with product management on product features/integrations.
• Work with back-end tools like Kafka and Logstash.
• Documenting the process for importing of data (MISP, Intel, etc).
• Developing custom content for threat hunting use cases as defined by the customer.
• Developing playbooks for SOC/IR workflow automation based on Corelight data.
• Ad-hoc (as requested) written summary reports on equipment and security problems.
• Technical input to major service outage root cause analysis and corrective action reports.
• Leading project status meetings and wrap-up/post-mortem meetings.
• Some on-site work required.

Requirements:

• US Citizen.
• TS/SCI Full Scope Poly Required.
• 5+ years of experience in cybersecurity (Prior startup experience preferred).
• Extensive experience with a SOC environment.
• Zeek/Corelight experience is a plus.
• Security and/or Networking related certification(s).
• Demonstrated expertise in Windows/MacOS/Linux/Unix operating systems, IDS/IPS, Network administration, firewall configuration, and strong knowledge of TCP/IP.
• SIEM experience (Splunk required, others a bonus).
• Scripting in (some of) Zeek, Bash, Python, Perl, Powershell, etc.
• Strong briefing skills; experience interacting with SES/general officer-level management.

Corelight offers:

• Opportunity to work on cutting-edge cybersecurity solutions.
• A collaborative, inclusive, and growth-oriented culture.