Description

• Design, develop, and enhance security detections and analytics for Gigamon security and observability solutions. 
• Translate threat use cases, attack techniques, and customer requirements into robust detection logic, metadata correlations, and product capabilities. 
• Build and optimize software components that process high-volume network, application, and security telemetry with strong focus on scale, accuracy, and performance. 
• Develop detections for suspicious behaviors such as lateral movement, anomalous communications, protocol misuse, risky encrypted traffic patterns, and policy violations. 
• Work across data plane and control plane components to implement, test, and debug features in C, C++, Go, and related technologies as appropriate. 
• Collaborate with cross-functional teams on product requirements, software architecture, design reviews, and validation plans for new security features. 
• Partner with product management and field teams to prioritize detection coverage aligned with customer security outcomes and market needs. 
• Integrate detection workflows with modern security ecosystems, including SIEM, XDR, SOAR, data lake, and cloud-native security platforms. 
• Author functional specifications, design documents, detection content guidance, and operational documentation for internal and customer-facing use. 
• Mentor engineers on secure design, detection engineering practices, troubleshooting, and performance-aware implementation. 

• Bachelor’s or Master’s degree in Computer Science, Computer Engineering, Electrical Engineering, or a related technical field. 
• Typically 10+ years of experience in software engineering, security engineering, detection engineering, or a closely related domain. 
• Strong hands-on proficiency in one or more systems programming languages such as C, C++, or Go; Python experience for tooling, automation, or analytics is a plus. 
• Deep understanding of network and security protocols, with solid knowledge of areas such as TCP/IP, HTTP, TLS/SSL, DNS, proxy technologies, and modern cloud/network architectures. 
• Experience building or operationalizing security detections for threat hunting, incident response, NDR, IDS/IPS, SIEM, XDR, or related security analytics platforms. 
• Proven ability to convert attacker behaviors, threat intelligence, and detection hypotheses into scalable product features, correlation logic, or analytic content. 
• Experience with high-performance, multi-core, multi-process, or multi-threaded systems and an understanding of performance trade-offs in production software. 
• Familiarity with cloud-native and data pipeline technologies such as Docker, Kubernetes, Kafka, and public cloud platforms including AWS, Azure, or GCP. 
• Experience working with security data models, telemetry normalization, enrichment, or correlation across multiple data sources is highly desirable. 
• Strong debugging, analytical, and problem-solving skills, with the ability to investigate complex product, protocol, and customer issues. 
• Excellent written and verbal communication skills, including the ability to explain technical trade-offs clearly across engineering and product teams. 

• You think like both an engineer and a defender, balancing product quality, performance, and security value. 
• You are energized by turning ambiguous threat problems into clear technical designs and practical detections. 
• You are comfortable working in a fast-paced environment and can drive complex initiatives with strong ownership and follow-through. 
• You bring sound technical judgment, ask the right questions, and make thoughtful trade-offs grounded in customer impact. 
• You collaborate effectively across teams and enjoy mentoring others while raising the technical bar. 
• You care about building durable, maintainable solutions rather than one-off fixes. 
• You are curious about evolving attack techniques, detection methodologies, and the changing security landscape.