Senior Forward Deployed Engineer Investigator

💰 $153k-$188k

Job description

Our interview process includes an in-person interview towards the end.

Do you want to help make the world safe from cyber attack?

At Corelight, we believe that the best approach to cybersecurity risk starts with the network. Attackers can evade endpoint detection, firewalls and many other technologies - but they can’t avoid leaving digital footprints on the networks they traverse. Built on open-source innovations from Zeek, Suricata and YARA and refined through years of real-world use, Corelight transforms network footprints from physical, virtual and cloud networks into actionable insights. Our customers use these insights to speed incident response and proactively hunt for threats.

Role

As a Senior Forward Deployed Engineer on the Corelight Investigator team, you will be a technical bridge between our engineering organization and enterprise customers, deploying and optimizing Corelight’s Open NDR SaaS platform in client environments. You will lead on-site or remote deployments, customize solutions to enhance threat hunting and incident response, and ensure seamless integration with customer SOC workflows. Collaborating with product, engineering, and sales teams, you’ll drive customer success by delivering scalable, high-impact cybersecurity solutions while providing technical expertise and leadership in high-stakes environments.

Responsibilities

  • Lead the deployment and configuration of Corelight Investigator, including sensor setup, data ingestion pipelines, and integration with SOC tools (e.g., Splunk, Elastic).
  • Customize and optimize detection rules (e.g., Suricata, YARA, Zeek queries) and machine learning-driven analytics for threat detection, ransomware analysis, and encrypted traffic inspection.
  • Develop and implement custom scripts (e.g., Python) to extend Investigator’s capabilities, tailoring solutions to unique customer requirements.
  • Provide hands-on support for customer SOC teams during proof-of-concept investigations, demonstrating rapid triage, host isolation, and policy enforcement workflows.
  • Augment the development team by contributing to product development activities as necessary.
  • Troubleshoot and resolve complex deployment issues in diverse environments (on-premises, cloud, hybrid), ensuring high availability, scalability, and compliance (e.g., GDPR, FedRAMP).
  • Collaborate with product and engineering teams to relay customer feedback, influencing the roadmap for Investigator features like behavioral analytics and cloud security.
  • Create deployment documentation, conduct training sessions, and contribute to customer success metrics by meeting deployment SLAs and satisfaction goals.
  • Mentor junior engineers and evangelize best practices for deployment, performance optimization, and customer engagement.

Minimum Qualifications

  • Strong appreciation and support for our core values: low ego results, tireless service, and applied curiosity.
  • 7+ years of experience in software deployment, systems engineering, or solutions engineering, with at least 2 years in a customer-facing role.
  • Proficiency in Linux/Unix systems, cloud platforms (AWS, Azure, GCP), distributed computing, SQL and NoSQL databases, and scripting (Python, Bash).
  • Experience with network security tools (e.g., Zeek/Bro, Suricata, Wireshark) and NDR/SIEM integrations.
  • Knowledge of APIs (REST/GraphQL) and containerization (Docker, Kubernetes).
  • Familiarity with cybersecurity concepts like encrypted traffic analysis, threat hunting, and behavioral detection.
  • Excellent communication skills, with the ability to collaborate with technical and non-technical stakeholders and influence solution design.
  • Bachelor’s degree in Computer Science, Engineering, or a related field, or equivalent experience.

Preferred Qualifications

  • Experience deploying Corelight products or open-source NDR tools (e.g., Zeek, Suricata).
  • Background in SOC operations, incident response, or threat hunting.
  • Familiarity with AWS services (e.g., Lambda, API Gateway, S3) or equivalent cloud technologies.
  • Certifications such as CISSP, GIAC, or AWS Certified Solutions Architect.
  • Experience in developing and deploying SaaS applications is a huge plus.
  • Experience with analytics tools like Splunk or Elasticsearch.

Fueled by investments from top-tier venture capital organizations such as CrowdStrike, Accel and Insight, Corelight is the fastest growing network detection and response platform in the industry. Our customers trust us to protect mission-critical assets in leading enterprises, government, and research institutions worldwide. We are leading the way with AI-assisted workflows, machine learning models, cloud security and SaaS-based solutions to arm defenders with the tools and knowledge they need to disrupt cyber attacks. Our team of passionate innovators is dedicated to solving some of the toughest challenges in cybersecurity, while fostering a collaborative, inclusive, and growth-oriented culture.

Corelight is committed to a geographically distributed yet connected employee base with employees working from home and office locations around the world. At Corelight, we take pride in the diversity of our backgrounds and perspectives, and we are committed to fostering an inclusive environment that strengthens our company.

We are looking forward to meeting you. Check us out at www.corelight.com

Notice of Pay Transparency:

The compensation for this position may vary depending on factors such as your location, skills and experience. Depending on the nature and seniority of the role, a percentage of compensation may come in the form of a commission-based or discretionary bonus. Equity and additional benefits will also be awarded.

Compensation Range

$153,000—$188,000 USD
