Senior Escalation Engineer

Escalation Engineer

Do you want to help make the world safe from cyber attack?

At Corelight, we believe that the best approach to cybersecurity risk starts with the network. Attackers can evade endpoint detection, firewalls and many other technologies - but they can’t avoid leaving digital footprints on the networks they traverse. Built on open-source innovations from Zeek, Suricata and YARA and refined through years of real-world use, Corelight transforms network footprints from physical, virtual and cloud networks into actionable insights. Our customers use these insights to speed incident response and proactively hunt for threats.

As an Escalation Engineer, you are the critical bridge between our customers' most complex technical challenges and our innovative engineering solutions. You aren't just resolving support cases; you are ensuring that the world's most sensitive organizations have the visibility they need to disrupt attacks. By mastering everything from Linux internals to cloud networking, you serve as a technical champion who ensures Corelight's "evidence" remains the gold standard for defenders worldwide.

Specific Responsibilities:

• Drive Technical Resolution: Serve as the primary point of contact for complex customer escalations and Proof of Concepts (POCs), ensuring successful outcomes for mission-critical issues.
• Deep-Dive Troubleshooting: Conduct advanced root cause analysis (RCA) involving Linux internals, hardware performance, and intricate network topologies.
• Manage High-Stakes Cases: Orchestrate and drive multiple high-priority cases simultaneously, maintaining focus and urgency under pressure.
• Internal Advocacy: Act as a liaison between the field and HQ, translating customer requirements into structured, actionable feedback for Engineering and Product Management.
• Deliver Excellence: Provide regular, transparent status updates to stakeholders and customers, adhering strictly to defined SLAs while offering best-practice guidance for Corelight solutions.
• Network Optimization: Identify underlying issues and recommend architectural or configuration changes to customer networks to improve product reliability and performance.

Knowledge/Skills/Abilities needed to be successful:

• A Customer-First Mindset: A relentless drive to advocate for the customer and see problems through to a successful conclusion.
• Clear Communication: The ability to articulate complex technical concepts—both verbally and in writing—to audiences ranging from SOC analysts to executive leadership.
• Collaborative Resourcefulness: A proven ability to work cross-functionally and thrive in a fluid, high-growth environment.
• Operational Readiness: Flexibility to participate in a rotational on-call schedule (including nights/weekends) to support global, high-priority customer needs.

Qualifications/Requirements:

• Experience: 5+ years in a hands-on technical role focusing on post-sales support (troubleshooting, sysadmin, or network security).
• Technical Depth: Strong proficiency in UNIX/Linux administration, including performance monitoring, kernel-level tracing, and debugging system calls.
• Networking Expertise: Deep understanding of TCP/IP fundamentals, routing/switching, and common protocols (VLANs, NAT, VPNs).
• Cloud & Virtualization: Proven experience troubleshooting cloud networking (AWS, Azure, GCP) and virtualization platforms (ESXi, Hyper-V).
• Education: BS/BA or equivalent in a relevant field (CS, EE, MIS).
• Preferred Skills: Familiarity with Zeek scripting, Python, packet capture utilities (Wireshark/tcpdump), and expert-level protocol knowledge (SMB, HTTP, TLS/SSL). Security certifications (CISSP, GIAC) are a plus.

Fueled by investments from top-tier venture capital organizations such as Crowdstrike, Accel and Insight, Corelight is the fastest growing network detection and response platform in the industry. Our customers trust us to protect mission-critical assets in leading enterprises, government, and research institutions worldwide. We are leading the way with AI-assisted workflows, machine learning models, cloud security and SaaS-based solutions to arm defenders with the tools and knowledge they need to disrupt cyber attacks. Our team of passionate innovators are dedicated to solving some of the toughest challenges in cybersecurity, while fostering a collaborative, inclusive, and growth-oriented culture. Corelight is committed to a geographically distributed yet connected employee base with employees working from home and office locations around the world. At Corelight, we take pride in the diversity of our backgrounds and perspectives, and we are committed to fostering an inclusive environment that strengthens our company. By embracing a wide range of experiences, backgrounds, neurodiversity, talents, and approaches to problem-solving, we aim to create a workplace where everyone can thrive and contribute their best.

We are looking forward to meeting you. Check us out at www.corelight.com