Senior Product Manager – Threat Detection

Do you want to help make the world safe from cyber attack? 
At Corelight, we believe that the best approach to cybersecurity risk starts with the network.  Attackers can evade endpoint detection, firewalls and many other technologies - but they can’t avoid leaving digital footprints on the networks they traverse.  Built on open-source innovations from Zeek, Suricata and YARA and refined through years of real-world use,  Corelight transforms network footprints from physical, virtual and cloud networks into actionable insights.   Our customers use these insights to speed incident response and proactively hunt for threats.  

As a Product Manager – Threat Detection, you will be responsible for driving the development of Corelight’s Network Detection and Response (NDR) capabilities. You will work closely with security researchers, engineers, and open-source contributors to ensure Corelight’s solutions remain at the forefront of network-based threat detection. Your role will focus on enhancing threat detection capabilities across Corelight’s platform, integrating emerging threat intelligence, and defining the product roadmap to keep security teams ahead of adversaries. Zeek will be one important component of your strategy, but your impact will extend across the broader Corelight security ecosystem.

This position is ideal for someone with strong networking and cybersecurity experience, deep knowledge of network security analytics, and a passion for building security products that detect real-world threats.

Key Responsibilities

• Develop and maintain a cutting edge detection engineering program via collaboration with Corelight Labs Research.
• Execute the product strategy for Corelight’s threat detection capabilities.
• Research adversary tactics, emerging network threats, and novel detection methodologies to improve the effectiveness of Corelight’s NDR solutions.
• Work closely with threat researchers, SOC analysts, and detection engineers to develop high-fidelity detection logic and optimize network threat intelligence.
• Analyze network protocols and traffic patterns to identify new ways to extract valuable security-relevant insights.
• Collaborate with engineering, UX, and security research teams to develop new features and improve the usability of Corelight’s threat detection tools.
• Contribute to open-source security initiatives, representing Corelight in the broader security community and helping drive innovation.
• Act as a technical liaison between customers, security teams, and internal stakeholders to ensure Corelight remains the gold standard for network evidence collection.
• Define, prioritize, and refine product requirements for threat detection capabilities, integrations, and intelligence applications.
• Develop detection content, documentation, and best practices for leveraging Corelight’s platform in threat hunting and incident response workflows.
• Refine and utilize threat intelligence sources to improve detection capabilities and stay ahead of emerging threats.
• Build and maintain relationships with threat intelligence providers, security researchers, and industry peers to enhance Corelight’s ability to detect and respond to adversaries.

Required Qualifications

• 2+ years in a technical support, engineering, or security research role.
• 3+ years in networking in a product or practitioner role.
• 5+ years overall experience in cybersecurity, with a focus on network security and threat detection.
• Strong understanding of network protocols, network security principles, and intrusion detection methodologies.
• Experience with Zeek (Bro) and its applications within NDR and security operations.
• Experience with network forensics, packet analysis, and network-based anomaly detection.
• Strong analytical skills, with the ability to interpret and apply threat intelligence and attack frameworks (e.g., MITRE ATT&CK).
• Bachelor's degree in Computer Science, Computer Engineering, Cybersecurity, or equivalent experience.

Preferred Qualifications

• 1+ years experience as a Product Owner/Product Manager in an Agile/Scrum environment.
• Background in threat hunting or threat intelligence is a plus. 
• Background in behavioral detection models, network anomaly detection, or AI/ML-based security analytics is a plus.
• Experience working with security operations teams (SOC), threat hunters, or forensic analysts to understand their needs.
• Active security clearance is a plus. 

Fueled by investments from top-tier venture capital organizations such as Crowdstrike, Accel and Insight, Corelight is the fastest growing network detection and response platform in the industry.  Our customers trust us to protect mission-critical assets in leading enterprises, government, and research institutions worldwide.  We are leading the way with AI-assisted workflows, machine learning models, cloud security and SaaS-based solutions to arm defenders with the tools and knowledge they need to disrupt cyber attacks. Our team of passionate innovators are dedicated to solving some of the toughest challenges in cybersecurity, while fostering a collaborative, inclusive, and growth-oriented culture. Corelight is committed to a geographically distributed yet connected employee base with employees working from home and office locations around the world.  At Corelight, we are proud of our diversity of background and thought, and we’re united by our strong shared culture and values.
We are looking forward to meeting you.  Check us out at www.corelight.com