Senior NDR & Platform Observability Engineer

Location: Minneapolis MN / Hartford CT

We are hiring a Senior Engineer to own the health monitoring automation and reliability of the enterprise Network Detection & Response (NDR) ecosystem with strong focus on Corelight Zeek pipelines and observability platforms.

You will work closely with Security Operations Incident Response and Network Engineering teams to improve detection quality reduce alert noise and ensure continuous NDR coverage.

• Operate and maintain NDR sensors Zeek pipelines and telemetry ingestion
• Monitor sensor uptime packet throughput ingest health and drop rates
• Triage NDR alerts and support SOC/IR investigations
• Tune Zeek scripts Suricata rules Corelight detection packs
• Troubleshoot SPAN/TAP feeds and packet broker visibility
• Design and build enterprise observability stack
• Develop Python-based metrics collectors & automation
• Build dashboards & alerts using:
  • Grafana
  • Prometheus
  • InfluxDB
  • Telegraf
• Define SLIs/SLOs for platform reliability & data freshness
• Create runbooks documentation and operational reports

• 5 years in NDR Security Operations Network Engineering or Observability
• Hands-on with Corelight Zeek Suricata Endace or cPacket
• Strong Python scripting & REST API integrations
• Experience with Grafana Prometheus InfluxDB Telegraf
• Solid knowledge of network traffic packet capture and troubleshooting
• Experience building monitoring dashboards alerts and metrics pipelines
• Experience supporting SOC / Incident Response teams

• Custom Prometheus exporters (Python/Go)
• Corelight APIs & Zeek customization
• Docker / Kubernetes
• SIEM integrations
• Exposure to Kafka Elasticsearch Loki
• Knowledge of MITRE ATT&CK

• Regular use of GitHub Copilot Microsoft 365 Copilot and enterprise GenAI tools
• Apply AI to improve coding documentation automation and analytics workflows