1

Corelight Jobs (NOW HIRING)

Senior Legal Counsel

North, SC · On-site

$129K - $175K/yr

Corelight is looking for an experienced attorney to join Corelight's growing legal team, reporting to the General Counsel. As Senior Legal Counsel, you will work on problems of diverse scope where ...

Strong packet capture and traffic analysis skills using tools like Corelight, NetWitness, and CRIBL to spot anomalies and lateral movement * Experience tuning EDR platforms such as CrowdStrike and ...

next page

Showing results 1-20

Corelight information

See salary details

$8

$26

$61

How much do corelight jobs pay per hour?

As of Jul 17, 2026, the average hourly pay for corelight in the United States is $26.34, according to ZipRecruiter salary data. Most workers in this role earn between $15.14 and $30.77 per hour, depending on experience, location, and employer.

What is a Corelight Engineer?

A Corelight Engineer is a professional who specializes in deploying, managing, and maintaining Corelight network security solutions. Corelight is a cybersecurity company known for its network detection and response (NDR) products, built on the open-source Zeek framework. Corelight Engineers typically work with enterprise security teams to monitor network traffic for threats, optimize detection capabilities, and integrate Corelight appliances with other security tools. Their responsibilities may also include troubleshooting issues, performing updates, and providing technical support.

What are some typical challenges faced by security professionals working at Corelight, and how can these be managed effectively?

Security professionals at Corelight often deal with rapidly evolving threat landscapes and the need to analyze large volumes of network data in real time. Balancing proactive threat detection with minimizing false positives can be challenging, especially when customizing solutions for diverse client environments. Effective management involves staying updated on the latest threat intelligence, collaborating closely with engineering and product teams, and leveraging Corelight's robust open-source and commercial tools for continuous improvement. Open communication within the team and ongoing professional development are also key to overcoming these challenges.

What are the key skills and qualifications needed to thrive as a Corelight Security Engineer, and why are they important?

To thrive as a Corelight Security Engineer, you need a solid background in network security, intrusion detection, and experience with network traffic analysis, often supported by a degree in computer science or a related field. Familiarity with Corelight's network sensors, Zeek (formerly Bro), and common SIEM platforms, as well as relevant certifications like CISSP or GIAC, is typically required. Strong analytical thinking, problem-solving ability, and effective communication skills make someone stand out in this position. These skills are crucial for proactively identifying threats, optimizing security infrastructure, and clearly conveying findings to technical and non-technical stakeholders.

What is the difference between Corelight vs Network Security Analyst?

AspectCorelightNetwork Security Analyst
Required CredentialsNetwork certifications (e.g., CompTIA Network+, CISSP), knowledge of network protocolsSecurity certifications (e.g., CISSP, CEH), network knowledge
Work EnvironmentSecurity operations centers, network monitoring environmentsCorporate IT departments, security teams, consulting firms
Employer & Industry UsageCybersecurity firms, large enterprises, government agenciesOrganizations with IT security needs across industries
Comparison IntentUnderstanding technical roles in network securityEvaluating security roles and responsibilities

Corelight specialists focus on deploying and managing network detection tools, analyzing network traffic, and enhancing security infrastructure. Network Security Analysts perform broader security monitoring, incident response, and vulnerability assessments. While both roles require network security knowledge and certifications, Corelight roles are more technical and tool-specific, whereas Network Security Analysts have a wider scope in security operations.

More about Corelight jobs
What states have the most Corelight jobs? States with the most job openings for Corelight jobs include:
Infographic showing various Corelight job openings in the United States as of July 2026, with employment types broken down into 74% Full Time, 12% Part Time, and 14% Contract. Highlights an 84% Physical, 2% Hybrid, and 14% Remote job distribution, with an average salary of $54,791 per year, or $26.3 per hour.
Network Security Analyst

Network Security Analyst

Trail Blazer Consulting LLC

Austin, TX • On-site

Other

Posted 17 days ago


Job description

Job Title: Network Security Analyst
Location: Onsite in Austin TX (they may allow hybrid later but said to
consider an onsite role for now) Austin TX (not willing to relocate) only local
Duration: 6+ months
Type: C2C
Visa: USC
Interview Mode: Video then onsite
Job Description:
Location:
ONLY SEND CANDIDATES who ALREADY reside within 50 miles of Austin (NO
RELOCATION CANDIDATES ALLOWED). Also ask if they are traveling this week or
future weeks (we can''t send if they are going to be traveling next 2-3 weeks)
Interview they said might be either so send candidates who can conduct an in
person (we don''t have an option to change it and they will be auto rejected if
they can''t come for an interview if the client requires)
The primary work location(s) will be at TXCC San Antonio office, 506 Dolorosa
Street, San Antonio, TX 78204, or TXCC Austin office, 1001 North Loop, Austin,
TX 78756.
RESUMES MUST MENTION THE REQUIRED SKILLS FOR AT LEAST 5 YEARS OF JOBS. IF THEY
ALSO HAVE THE PREFERRED SKILLS THEY NEED TO BE MENTIONED BUT AT LEAST ALL THE
REQUIRED
WHAT TO SEND:
• Resume - including all the required skills for 5 years
• DL and if its from another state also include a bill to show current location
• Since its a Citizen if they have a name like Bob or Mike don''t need
anything but if its not a US Native name send passport (as long as it shows
name and photo they are free to black out rest) but otherwise we don''t have a
way to know they are a citizen, but again they can hide the personal details
• - also include form
MUST HAVE
5 Required Advanced host based forensics across Windows and Linux, including
memory, disk, and malware analysis, using telemetry from
NetWitness, Gravwell, Google SecOps, and Corelight to validate findings and
reconstruct attacker activity.
5 Required Ability to correlate host, network, and intelligence data from
CrowdStrike, SentinelOne, Microsoft Sentinel, Corelight, and
NetWitness to build complete incident timelines.
5 Required Experience producing high quality incident reports and executive
summaries using evidence collected from Gravwell, NetWitness,
Corelight, and case management workflows.
4 Required Strong understanding of adversary TTPs, intrusion kill chains, and
threat hunting methodologies using packet level and log level
data from but not limited to Corelight, NetWitness, and CRIBL pipelines.
3 Required Incident Commander experience
1 Required Experience supporting SLTT or critical infrastructure environments,
including multi tenant IR operations and cross agency
coordination.
PREFERRED
5 Preferred Proficiency with threat intelligence platforms, including Recorded
Future, ThreatMon, GreyNoise, Google Threat Intelligence,
VirusTotal, and Mandiant, to enrich investigations, validate indicators, and
map activity to MITRE ATT&CK.
5 Preferred Hands on experience using Cyware CSAP for incident orchestration,
automated enrichment, case creation, and workflow execution
across SIEM, IPS, EDR, and ticketing systems.
4 Preferred Security Certifications Preferred (CISSP, CIH, Sec+)
Job Description
• Perform advanced incident response across Windows and Linux environments,
including triage, containment, eradication, and recovery.
• Conduct host-based forensics, including log analysis, memory capture, file
system review, and malware behavior analysis.
• Serve as Incident Commander during cybersecurity events, coordinating
actions, documenting decisions, and communicating with leadership and affected
agencies.
• Analyze adversary Tactics, Techniques, and Procedures (TTPs) and map findings
to MITRE ATT&CK.
• Review and validate alerts from SIEM, IDS/IPS, EDR, and network monitoring
tools.
• Produce incident reports, timelines, and executive summaries for statewide
stakeholders.
• Support multi-agency response operations, including SLTT partners and
critical infrastructure entities.
• Provide recommendations for detection improvements, hardening, and long-term
mitigation.
• Participate in post-incident reviews, lessons learned, and playbook updates.
• Maintain readiness for 24x7 response through on-call rotation or surge
support.