Full-Time Senior Software Engineer | Detection Infrastructure

At ExtraHop, we're on a mission to help organizations achieve complete visibility, real-time threat detection, and proactive security through cutting-edge network detection and response (NDR) technology. Our NDR product is a market leader, providing our customers with the ability to detect, investigate, and respond to threats faster than ever before. We’re proud of the work we do and the recognition we’ve received, including our recent Gartner Peer Insights award, which reflects the trust and satisfaction our customers have in our solutions.

We are seeking a highly skilled and motivated Senior Software Engineer | Security with a strong software and detection engineering background to join our Detection Engineering (DE) team and help expand ExtraHop’s industry leading detection coverage.

An ideal candidate will have strong software engineering, networking, and cybersecurity fundamentals as well as knowledge of modern Identity and Access Management (IAM).

This position works closely with security researchers and data scientists to develop cutting edge network threat detections that leverage rule-based network observations as well as ML-powered anomaly detections.

As a Senior Software Engineer | Security, you will be working as part of a team dedicated to delivering industry leading detection capabilities. You will be expected to work with a high level of autonomy, to mentor other team members, and to demonstrate a high level of ownership of your areas of responsibility.

Key Responsibilities

• Develop network threat detectors by leveraging rule-based and ML-based detection strategies
• Reproduce attacks in a lab environment using live tools and recorded PCAP traffic, and perform threat hunts on aggregated log data, in order to identify malicious behaviors and develop techniques to detect them
• Collaborate with Threat Research and Data Science teams to gain insight on attacker techniques and take advantage of the latest machine learning models to detect attacker behavior
• Work with infrastructure teams to help develop and improve tools that Detection Engineering and Threat Research teams use in developing and testing detections.

Mentorship

• Mentor and coach other Security Engineers regarding detector development and network threats
• Actively participate in code review to ensure quality and uplevel other engineers

Required Qualifications

• 5+ years of experience in software and/or detection engineering in a team environment
• Experience developing and deploying code for enterprise software applications with emphasis on code quality and maintainability
• In-depth knowledge of networking fundamentals, including the OSI model and excellent working knowledge of the key protocols from Layer 2 through Layer 7
• Experience working with modern Identity and Access Management (IAM) using SAML and OIDC
• Experience with network-oriented security tools such as Wireshark, Tshark, tcpdump, Suricata, Snort, or other packet capture/analysis tools

Preferred Qualifications

• Proficiency in Javascript and Python
• Awareness of current network-based attacks and detection strategies, with a focus on post-exploitation, lateral movement, C2, and exfiltration techniques
• In-depth knowledge of Windows protocols and attack techniques
• Experience with threat hunting, purple teaming, and log/traffic analysis

What is the last date for applying to the job?

Which countries are accepted for this remote job?