By making evidence the heart of security, we help customers stay ahead of ever-changing cyber-attacks.
Corelight is the cybersecurity company that transforms network and cloud activity into evidence. Evidence that elite defenders use to proactively hunt for threats, accelerate response to cyber incidents, gain complete network visibility and create powerful analytics using machine-learning and behavioral analysis tools. Easily deployed, and available in traditional and SaaS-based formats, Corelight is the fastest-growing Network Detection and Response (NDR) platform in the industry. And we are the only NDR platform that leverages the power of Open Source projects in addition to our own technology to deliver Intrusion Detection (IDS), Network Security Monitoring (NSM), and Smart PCAP solutions. We sell to some of the most sensitive, mission-critical large enterprises and government agencies in the world.
Our Chief Scientist wrote Zeek (née Bro). He runs our team and is a hell of a guy. We've got a great director too. Our researchers build network detection features that run on and beside Zeek and Suricata, both on the sensors and in the cloud. We try to build the infra and tools to help.
* We are building a distributed research platform for the Corelight Labs team to test detections and ML.
* We call that platform Polaris.
* It's made up of real metal and a bit of cloud too (AWS, Azure).
* Polaris is monitored with Zeek, Prometheus, Alertmanager and can be visualized with Grafana.
* We run long-lived services on Kubernetes in EKS.
* We write our tools and automation in Go, Python, TypeScript, Bash and loads of Git.
* We use GitOps to coordinate our automation and construct self-service tooling.
* We work closely with our SaaS, Security, Success and Engineering teams.
* We're small and try to support a greater team of ~35.
The Good
* We work with and support an amazing team of very smart, capable and genuinely fantastic people.
* Corelight is based in the Bay Area, but we're remote. Our team spans the globe.
* We usually get together in person once a year.
* We're growing our deployments. We’re planning on doubling our PoPs by 2025.
The Bad
* Standing up new PoPs can be slow. Lots of Layer 8 (TM)
The Ugly
* Managing distributed systems is tough. Sometimes administration is a pain.
Some of our upcoming projects:
- Collect system logs (e.g., fluentd), consolidate to Humio
- Loads of GitOps opportunities to automate work on the Platform
- Replace Duo MFA with YubiKey
- Scale our WireGuard hub deployment horizontally
- More resilient spokes in WG hub-and-spoke topology
A note on experience
We are proud of our culture and values - driving diversity of background and thought, low-ego results, applied curiosity and tireless service to our customers and community. Corelight is committed to a geographically dispersed yet connected employee base with employees working from home and office locations around the world. Fueled by an accelerating revenue stream, and investments from top-tier venture capital organizations such as CrowdStrike, Accel and Insight - we are rapidly expanding our team.
Check us out at www.corelight.com