Towards the end of our interview process is an in-person interview.

By making evidence the heart of security, we help customers stay ahead of ever-changing cyber-attacks.

Corelight is a cybersecurity company that transforms network and cloud activity into evidence. Evidence that elite defenders use to proactively hunt for threats, accelerate response to cyber incidents, gain complete network visibility, and create powerful analytics using machine-learning and behavioral analysis tools. Easily deployed and available in traditional and SaaS-based formats, Corelight is the fastest-growing Network Detection and Response (NDR) platform in the industry. We are the only NDR platform that leverages the power of Open Source projects in addition to our own technology to deliver Intrusion Detection (IDS), Network Security Monitoring (NSM), and Smart PCAP solutions. We sell to some of the most sensitive, mission-critical large enterprises and government agencies in the world.

We are seeking a practitioner ready to make the move from the SOC to the classroom. Someone with genuine operational experience who has started finding ways to share what they know, and wants to build a career around it. You'll work alongside senior instructors to develop curriculum and run live training events, taking on increasing ownership as you grow in the role.

Responsibilities:

• Contribute to curriculum development, keeping material current with real-world network-based attack patterns you've encountered operationally
• Help build hands-on lab environments and CTF challenges that reflect realistic adversary behavior, not textbook scenarios
• Co-facilitate and independently lead training sessions (virtual and in-person) for technically experienced audiences
• Develop recorded, on-demand curriculum
• Administer and optimize Learning Management Systems (Skilljar experience is a plus)
• Educate students on the use and application of Corelight for threat hunting,incident response, and detection engineering
• Use AWS and scripting to help maintain and improve lab infrastructure and provisioning workflows
• Up to 50% travel expected

Qualifications:

• 3 to 5 years of hands-on experience in a SOC Tier II role, Incident Response, or threat hunting
• 1 to 2 years in mentorship, internal training, content creation, or knowledge-sharing in a security context
• Familiarity with the MITRE ATT&CK framework applied to real investigations, not just as a reference
• Meaningful experience with Zeek logs; you can follow an attack through the data and explain what you're seeing
• Working knowledge of Suricata or Snort, including rules creation
• Experience with at least one SIEM platform (Splunk, Elastic, or Sentinel)
• Solid TCP/IP fundamentals and comfort reading packet captures
• Windows/MacOS/Linux/Unix administration experience
• Scripting ability in Python, Bash, Zeek-script, or PowerShell
• Excellent verbal and written communication skills
• Bachelor's degree in a technical field or equivalent experience
• Prior startup experience preferred

Fueled by investments from top-tier venture capital organizations such as Crowdstrike, Accel and Insight, Corelight is the fastest growing network detection and response platform in the industry. Our customers trust us to protect mission-critical assets in leading enterprises, government, and research institutions worldwide. We are leading the way with AI-assisted workflows, machine learning models, cloud security and SaaS-based solutions to arm defenders with the tools and knowledge they need to disrupt cyber attacks. Our team of passionate innovators are dedicated to solving some of the toughest challenges in cybersecurity, while fostering a collaborative, inclusive, and growth-oriented culture. Corelight is committed to a geographically distributed yet connected employee base with employees working from home and office locations around the world. At Corelight, we are proud of our diversity of background and thought, and we’re united by our strong shared culture and values.

We are looking forward to meeting you. Check us out at www.corelight.com