Corelight

Security Test Automation Engineer

North America Full Time

By making evidence the heart of security, we help customers stay ahead of ever-changing cyber-attacks.

Corelight is a distributed-first cybersecurity startup in the network detection and response (NDR) market. Our technology helps defend some of the world's most sensitive, mission-critical organizations and gives defenders a commanding view of their environment - so they can outsmart and outlast adversaries. Corelight's unfair market advantages include our unique architecture built on open source Zeek, as well as our founding team - which includes Zeek's inventor and its key open source committers. We aim to follow in the footsteps of successful open source security companies such as Sourcefire and Tenable, and help make the world's networks safer.

As a Software Development Engineer in Test (SDET) at Corelight, you will utilize your strong network security and development skills to design, develop and utilize test frameworks, test tools, and automation. You will define, implement, and analyze metrics to determine test effectiveness and the overall quality of software. This position requires collaborating with the product developers and the build and DevOps engineers to ensure the tools you create and maintain support the full team. The ideal candidate will look to reuse and adapt modern solutions from the security, network, infrastructure and SQA communities.

  • This Security Test Automation Engineer role involves utilizing strong network security and development skills to design, develop, and maintain advanced, data-driven test automation frameworks and tools. The core focus is on ensuring the quality and functional correctness of Corelight’s security products, specifically by validating the output of network sensors and detection engines. This includes designing test plans to verify event data fidelity, developing tooling to simulate high-volume network traffic for defect reproduction, and analyzing detection engine output for correctness and performance impact, all while collaborating closely with detection engineering and development teams to maintain the overall quality and reliability of Corelight's security products.

    Role & Responsibilities

    • Be the testing expert, focusing on data quality and functional correctness, within a detection engineering research team.
    • Design and implement system testing suites for the output of network security products.
    • Responsible for the full testing lifecycle, including defining test plans and cases that specifically verify event data (logs, metadata) quality, fidelity, and adherence to schema.
    • Develop tooling to ingest, simulate, and analyze high-volume network traffic data to replicate real-world scenarios and reproduce defects in sensor output.
    • Analyze detection engine output for false positives, false negatives, and performance impact, working closely with detection engineers and developers to refine detection logic.

    Minimum Requirements

    • 3+ years professional coding experience in Python or Go, with an emphasis on designing and implementing data-driven test automation frameworks and tooling for validating data streams.
    • Proficiency with logging, metric, and data analysis solutions (e.g., Prometheus, Elastic Stack, Splunk) to query and validate sensor output.
    • Proficiency with virtual or cloud providers for setting up controlled network environments for sensor testing.
    • Professional coding experience in Python/Go for test automation and building tooling for validating data streams and detection correctness.
    • Experience with Kubernetes, Docker, or Container ecosystems, including networking concepts relevant to containerized sensor deployment.
    • Expertise in Linux usage for setup/configuration, operation, and monitoring system and network traffic behavior and performance.

    Preferred Requirements

    • 1+ years professional experience with network intrusion detection systems (NIDS) like Zeek or Suricata, particularly in analyzing their output/logs.
    • Experience creating, collecting, and manipulating packet capture (PCAP) files for use in test scenarios, traffic simulation, and defect reproduction. 

We are proud of our culture and values - driving diversity of background and thought, low-ego results, applied curiosity and tireless service to our customers and community. Corelight is committed to a geographically dispersed yet connected employee base with employees working from home and office locations around the world. Fueled by an accelerating revenue stream, and investments from top-tier venture capital organizations such as CrowdStrike, Accel and Insight - we are rapidly expanding our team.

Check us out at www.corelight.com

Notice of Pay Transparency:
The compensation for this position may vary depending on factors such as your location, skills and experience. Depending on the nature and seniority of the role, a percentage of compensation may come in the form of a commission-based or discretionary bonus. Equity and additional benefits will also be awarded.

Compensation Range
$153,000 - $188,000 USD