4 Zeek Jobs

Company Description Arista Networks is an industry leader in data-driven, client-to-cloud networking for large data center, campus and routing environments. Arista is a well-established and profitable company with over $7 billion in revenue. Arista’s award-winning platforms, ranging in Ethernet speeds up to 800G bits per second, redefine scalability, agility, and resilience. Arista is a founding member of the Ultra Ethernet consortium. We have shipped over 20 million cloud networking ports worldwide with CloudVision and EOS, an advanced network operating system. Arista is committed to open standards, and its products are available worldwide directly and through partners. At Arista, we value the diversity of thought and perspectives each employee brings. We believe fostering an inclusive environment where individuals from various backgrounds and experiences feel welcome is essential for driving creativity and innovation. Our commitment to excellence has earned us several prestigious awards, such as the Great Place to Work Survey for Best Engineering Team and Best Company for Diversity, Compensation, and Work-Life Balance. At Arista, we take pride in our track record of success and strive to maintain the highest quality and performance standards in everything we do. Job Description Who You’ll Work With In this role as a Network Detection and Response (NDR) Specialist, you will work closely with Security Operations Center (SOC) analysts, threat hunters, incident response teams, network and infrastructure teams, and IT security leadership. You will also collaborate with cybersecurity architects, intelligence analysts, and tool administrators to ensure effective deployment, tuning, and integration of NDR platforms. Coordination with external vendors and platform providers (such as Vectra, Darktrace, or ExtraHop) may also be required for tool optimization and support. This role demands strong cross-functional engagement to enable rapid threat detection, investigation, response, and continuous improvement of the organization’s security posture. What You’ll Do Arista is seeking a skilled and proactive Network Detection and Response (NDR) Specialist to join our cybersecurity team. The ideal candidate will be responsible for monitoring, detecting, investigating, and responding to network-based threats using advanced NDR platforms. This role is crucial in strengthening our organization’s threat detection capabilities and reducing cyber risks in real time. Key Responsibilities Monitor network traffic to detect malicious or anomalous activity using NDR solutions (e.g., Darktrace, Vectra, ExtraHop, Corelight). Configure, maintain, and fine-tune NDR tools to optimize detection capabilities and minimize false positives. Conduct deep-dive analysis of network events to identify indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs). Collaborate with SOC analysts, threat hunters, and other teams to contain and remediate threats. Perform forensic investigations of network packets and flows using tools such as Wireshark, Zeek, or Suricata. Develop detection rules, playbooks, and alerting mechanisms aligned with MITRE ATT&CK framework. Assist in threat intelligence enrichment and correlation with network-based alerts. Prepare root cause analyses, and recommendations for enhancing network security posture. Stay current on emerging threats, attack techniques, and NDR technologies. Qualifications Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field (or equivalent experience). 3–5 years of experience in cybersecurity, with at least 2 years focused on NDR or network security. Hands-on experience with one or more NDR platforms (Vectra AI, Darktrace, ExtraHop, etc.). Strong understanding of network protocols (TCP/IP, DNS, HTTP, etc.) and packet analysis. Familiarity with threat detection and response processes. Working knowledge of SIEM platforms, firewalls, IDS/IPS, and EDR solutions. Experience using MITRE ATT&CK, PCAP analysis, and threat intelligence feeds. Preferred Qualifications Certifications such as GCIA, GCIH, CEH, CISSP, or equivalent. Experience in scripting (Python, PowerShell, Bash) for automation and data analysis. Knowledge of cloud environments (AWS, Azure, GCP) and their networking components. Experience integrating NDR with SOAR/SIEM for automation and correlation. Analytical mindset with strong problem-solving skills. Ability to work under pressure Excellent verbal and written communication skills. Team player with the ability to collaborate across technical and non-technical teams. Additional Information Arista stands out as an engineering-centric company. Our leadership, including founders and engineering managers, are all engineers who understand sound software engineering principles and the importance of doing things right. We hire globally into our diverse team. At Arista, engineers have complete ownership of their projects. Our management structure is flat and streamlined, and software engineering is led by those who understand it best. We prioritize the development and utilization of test automation tools. Our engineers have access to every part of the company, providing opportunities to work across various domains. Arista is headquartered in Santa Clara, California, with development offices in Australia, Canada, India, Ireland, and the US. We consider all our R&D centers equal in stature. Join us to shape the future of networking and be part of a culture that values invention, quality, respect, and fun.

Outreach is the first and only AI Sales Execution Platform built for intelligent revenue workflows. Built on the world’s largest foundation of customer interactions and go-to-market team data, Outreach’s leading revenue AI technology helps go-to-market professionals and their companies win by intelligently accelerating decision making and elevating sellers to do their best work. Our powerful platform gives revenue teams the tools they need to design, measure, and improve a revenue strategy for every stage of the customer journey, improving efficiency and effectiveness across the entire revenue cycle. Over 6,000 customers, including Zoom, McKesson, Snowflake, SAP, and Okta use Outreach to power workflows, put customers at the center of their business, improve revenue results, and win in the market. Outreach is a privately held company based in Seattle, Washington, with offices worldwide. To learn more, please visit www.outreach.io. The Role Bridging Intelligence and Action The Cyber Intel Fusion Analyst is a pivotal role within our security program. This position serves as a critical bridge, linking strategic threat intelligence with tactical security operations. The analyst will be instrumental in evolving our security practices beyond traditional, siloed functions while ensuring that intelligence capabilities are not merely insightful but are directly integrated and operationalized within our security framework. This proactive operationalization of intelligence is key to anticipating emerging threats and developing innovative countermeasures to counter sophisticated cyber threats before they can impact our services or compromise sensitive information. The ability to quickly fuse intelligence into operational defense mechanisms provides a distinct security advantage, crucial for maintaining service reliability and customer trust. Your Daily Adventures Will Include Core Responsibilities: Shaping Our Defenses The responsibilities of the Cyber Intel Fusion Analyst are multifaceted, demanding a blend of analytical acumen, technical expertise, and collaborative skill. Intelligence Cycle Management & Requirements Definition: The analyst will manage the intelligence analysis cycle as it pertains to team operations. This includes working closely with team operators and other stakeholders to identify and refine intelligence requirements that drive threat emulation assessments and inform defensive strategies. A key function involves identifying intelligence requirements for diverse areas such as security operations, cloud security, enterprise security, and application security, including those related to artificial intelligence. This broad scope necessitates an understanding of the unique intelligence needs of various teams, positioning the analyst as a strategic partner who can tailor and deliver relevant intelligence to enhance the effectiveness of multiple security functions. Tactical Intelligence Analysis & Adversary Understanding: A core function is providing tactical cyber intelligence analysis, meticulously identifying specific adversary tactics, techniques, and procedures (TTPs). This analysis will be consistently tied back to established frameworks like the MITRE ATT&CK® Framework, leveraging intelligence provided by relevant organizations. The role involves recognizing and researching attacks and attack patterns based onpublished open-source intelligence (OSINT) and other intelligence sources. The analyst will be adept at handling and organizing disparate data concerning detections, attacks, and attackers to accurately identify adversary groups and their modus operandi, thereby driving assessments pertinent to the company. This process transforms general threat data into a refined understanding of adversaries specifically targeting our environment, such as those focusing on SaaS platforms if applicable. Developing Actionable Intelligence & Driving Threat Emulation: The analyst is tasked with developing, producing, and managing Adversary Response Playbooks. These playbooks are crucial for supporting and driving threat emulation assessments, ensuring our defenses are tested against realistic adversary behaviors.1 This involves translating analyzed intelligence on adversary TTPs and campaign indicators into actionable detection strategies, such as developing custom SIEM correlation rules or contributing to Security Orchestration, Automation, and Response (SOAR) playbooks. This operationalization of intelligence is fundamental, turning analytical findings into tangible, proactive defensive measures that strengthen our security posture. Collaboration, Liaison & Stakeholder Management: Effective relationship management is paramount. The analyst will manage relationships with organizations, both internal and external, that provide requested intelligence to the team or receive information from it. A significant part of the role includes representing the team in cyber threat intelligence-related meetings and matters, acting as a crucial liaison. This collaboration extends across multiple organizational functions, potentially including cloud engineering teams, DevSecOps personnel, SOC analysts, incident responders, and even executive leadership. By effectively sharing tailored intelligence, the analyst acts as a force multiplier, enhancing the capabilities and preparedness of various teams across the organization. Our Vision of You Core Competencies: Mastery of the Intelligence Cycle: Expertise in managing the intelligence analysis cycle, encompassing planning, collection (including OSINT and multi-source intelligence), processing, in-depth analysis of adversary TTPs, and the production and dissemination of timely, accurate, and actionable intelligence products tailored to diverse internal audiences. Strategic Requirements Identification: Proven ability to identify and refine intelligence requirements for a wide array of security functions, includingsecurity operations, cloud security, enterprise security, and application security (potentially including AI), ensuring intelligence efforts align with business and operational needs. Tactical Intelligence & TTP Expertise: Strong skills in tactical cyber intelligence analysis, identifying specific adversary TTPs and mapping them to frameworks like MITRE ATT&CK®. This includes researching current attacks, attack patterns, and understanding threats specific to modern environments (e.g., SaaS-specific attack patterns). Actionable Output Development: Demonstrable experience in developing, producing, and managing resources like Adversary Response Playbooks to support and drive threat emulation assessments, effectively translating intelligence into practical defensive measures. Data Synthesis & Adversary Profiling: Capability in handling and organizing disparate data about detections, attacks, and attackers to properly identify adversary groups and develop comprehensive threat actor profiles, particularly those relevant to the company’s operational landscape. Exceptional Collaboration & Liaison Skills: Excellent relationship management abilities with internal and external intelligence providers and consumers, and proven experience acting as an effective liaison and team representative in intelligence matters. Education and Experience: A minimum of 5 years of progressive, hands-on experience in the cybersecurity domain, with a demonstrable track record in roles that combine cyber threat intelligence analysis with security operations or incident response functions. Experience in environments with a significant cloud and SaaS focus is highly advantageous. This emphasis on combined experience highlights the need for individuals who have practically applied the "fusion"concept. Technical Prowess: The analyst must possess a robust set of technical skills to effectively investigate security incidents, analyze threat data, and implement defensive measures, especially within cloud environments. Essential Technical Competencies Are Outlined Below An in-depth understanding of core networking protocols (TCP/IP, UDP,HTTP/S, DNS, SMTP, etc.), network traffic analysis methodologies, and the function of common networking ports and protocols. Proficiency with cloud security architectures (IaaS, PaaS, SaaS) and hands-onexperience with security tools native to major cloud platforms (e.g., AWS,Azure, GCP). Expertise with Security Information and Event Management (SIEM) platforms for log correlation, advanced analysis, and the development of custom detection rules. Hands-on experience with Endpoint Detection and Response (EDR/XDR) solutions for endpoint threat detection, investigation, and response. Strong skills in comprehensive log analysis from diverse cloud and on-premises sources, including operating systems (Windows, Linux, macOS), applications, network devices, and cloud service logs (e.g., CloudTrail, Azure Monitor). A solid understanding of Windows and Linux operating systems (including distributions such as RHEL, Ubuntu, CentOS) and macOS, encompassing system administration fundamentals, security configurations, logging mechanisms, and common attack vectors. Scripting skills for automation of analytical tasks, data manipulation, tool integration, or the development of custom detection scripts using languages such as Python, PowerShell, or Bash. Deep understanding and practical application of threat intelligence frameworks such as the MITRE ATT&CK® Framework, the Cyber Kill Chain®, and the Diamond Model of Intrusion Analysis. The following outlines core technical competencies and representative toolsets relevant to this role: Category Examples/Specific Tools (Tailored for SaaS) Cloud Platform Security: AWS (GuardDuty, Security Hub, Macie, Inspector), Azure (Sentinel, Defender for Cloud), GCP (Security Command Center) SIEM: Google SecOps, CrowdStrike NG SIEM, Sumologic CloudSiem EDR/XDR: CrowdStrike Falcon, JAMF Protect Network Analysis: Wireshark, Zeek (formerly Bro), Suricata, Cloud-native traffic mirroring/analysis tools Vulnerability Management: CrowdStrike Exposure Management, Wiz, Cloud-native vulnerability scanners Scripting Languages: Python, PowerShell, Bash Operating Systems: Windows (Client/Server), Linux (various distributions such as RHEL, Ubuntu, CentOS), macOS Threat Intelligence Platforms: (TIPs) MISP, ThreatConnect, Anomali ThreatStream,Recorded Future. Analytical and Communication Skills: Exceptional analytical and problem-solving skills, with a demonstrated ability to correlate disparate datasets, identify subtle patterns of malicious activity, and make sound, evidence-based judgments, often under pressure. Excellent written and verbal communication skills, with the proven ability to articulate complex technical information, security concepts, and intelligence findings clearly and concisely to diverse audiences, including technical peers and management. Work Requirements This position requires participation in an on-call rotation to provide expert support during critical security incidents. This role does not involve regular shift work. Bonus Points: Preferred Qualifications While not mandatory, the following qualifications will significantly differentiate strong candidates and indicate a deeper specialization. Advanced Industry-recognized Cybersecurity Certifications. Examples Include GIAC Cyber Threat, SANS/GIAC Cyber Threat Intelligence, Intelligence (GCTI), GIAC Certified Intrusion, SANS/GIAC Network Security Monitoring, Analyst (GCIA), Intrusion Detection, GIAC Certified Incident, SANS/GIAC Incident Response, Handler (GCIH), CISSP (ISC)² Broad Cybersecurity, Management & Operations, AWS Certified Security – Amazon Web Services AWS Cloud Security Specialty, Azure Security Engineer, Microsoft Azure Cloud Security, Associate (AZ-500), CompTIA Cybersecurity, CompTIA Cybersecurity Analysis, Analyst (CySA+), Intrusion Detection, Offensive Security Certified, Offensive Security Penetration Testing, Professional (OSCP), (Understanding Attacker Methods) Practical experience utilizing Threat Intelligence Platforms (TIPs) such as MISP, ThreatConnect, Anomali ThreatStream, or Recorded Future. Experience with Security Orchestration, Automation, and Response (SOAR) platforms and playbook development. Knowledge of malware analysis (static and dynamic) and reverse engineering techniques, and familiarity with associated tools. Familiarity with DevSecOps principles and experience securing CI/CD pipelines. Understanding of compliance frameworks relevant to SaaS environments (e.g.,SOC 2, ISO 27001/27701/42001, GDPR, HIPAA). Why You’ll Love It Here Highly competitive salary 25 days annual vacation time + sick time and casual leave Group medical policy coverage available to employees and up to 5 eligible family members OPD benefit covered up to INR 10,000 Life insurance and personal accident insurance at 3x annual CTC 26 weeks of maternity leave pay, and 15 days of paternity leave pay Opportunity to be part of company success via the RSU program Diversity and inclusion programs that promote employee resource groups like OWN+ (Outreach Women's Network), Adelante (Latinx community), OBX (Outreach Black Connection), Mosaic (AAPI community), Pride (LGBTQIA+), Gender+, Disability Community, and Veterans/Military Employee referral bonuses to encourage the addition of great new people to the team Fun company and team outings because we play just as hard as we work Our success is reliant on building teams that include people from different backgrounds and experiences who can elevate assumptions and ideas with fresh perspectives. We're dedicated to hiring the whole human, not just a resume. To that end, we look for a diverse pool of applicants-including those from historically marginalized groups. We would like to invite you to apply even if you don't think you meet all of the requirements listed below. We don't want a few lines in a job description to get between us and the opportunity to meet you. Show more Show less

Indore, Madhya Pradesh, India Qualification : Deploying various Open-Source Network Security Solutions Integrate relevant components. Performance Optimization and Optimization of Rules set. Event driven process flow and actions – customization of IPC and enrichments. System Engineering for reliability and system performance improvement Research on new approaches and IP creation. Skills Required : IP Networks, Linux Internals, Scripting, LUA, Event Driven Scripting, YARA, SIGMA Role : Rich Experience in working on Network Security Products such as IDS / IPS, Next Generation Firewall, Experience of as product Development / Solution Engineering Experience in working on IP networking, IP networking Protocols, Computer System internals, IPCs. Good understanding and knowledge of TCP/IP networking: Including L2/L3/L4/L7 protocols (SIP, RTP, SMTP, HTTP, POP3, FTP, STP, VLAN, VTP, TCP/IP, BGP, OSPF, GTP, GRE,DHCP, DNS, FTP, HTTP/S and SNMP) Strong Understanding of PCAP, DPI (Deep Packet Inspection) Deployment and performance optimization of– Suricata / SNORT/ Zeek. Creating and adopting Rules for IDS/IPS, Experience in working large networks ~ 10G/100G/400G. Network Clustering, Parallel processing, Virtual Appliances, Working on Linux, Cloud Environment, Network Processing Cards (NICs), Parallel processing, Off-loading, Accelerations Qualifications Postgraduate in Com Sc. Engineering with specialization in IP Networking Programming Skills in C/C++, Python Operating Systems: Linux Experience: 4-6 years. Experience : 4 to 6 years Job Reference Number : 11592

We are seeking an OT Network Engineer to contribute to the development of an industrial automation and security platform with advanced OT network discovery, device fingerprinting, real-time tracking, and security compliance features . The ideal candidate will have expertise in network scanning, industrial protocols (SNMP, LLDP, ARP), Zero Trust security, IEC 62443 compliance, and PLC inventory management . This role requires hands-on experience in building scalable, secure, and AI-driven OT networking solutions integrated into the platform. Key Responsibilities: OT Network Discovery & Device Fingerprinting Develop and integrate automated network scanning for industrial assets into the platform. Implement passive & active network scanning using SNMP, LLDP, ARP, and industrial protocols. Design and optimize device fingerprinting to classify OT devices (PLCs, SCADA nodes, IIoT gateways, sensors) based on manufacturer, model, firmware, and protocol stack. Enable real-time endpoint tracking and automated asset registration within the platform. 2. Industrial Network Security & Compliance (IEC 62443, Zero Trust) Implement IEC 62443-based security frameworks within the platform to ensure OT network compliance. Integrate Zero Trust security models for industrial endpoints and control networks. Work on network segmentation strategies for isolating critical industrial systems within the platform. Design and develop anomaly detection features for unauthorized device behaviors using AI-based security analytics. 3. SCADA-Integrated Asset Management & Monitoring Contribute to the development of a SCADA-integrated asset inventory system for industrial environments. Develop a real-time monitoring engine for tracking PLC instances, network ports, and communication health. Optimize SCADA-to-OT data flows for improved visibility and control. Design SCADA security monitoring dashboards for operational visibility and threat detection. 4. OT Network Simulation & Testing Framework Develop a virtualized OT network environment for testing protocol translations and device communications. Simulate SCADA-to-PLC interactions within a cloud-based or hybrid testing framework. Create automated test cases for evaluating platform performance in large-scale OT environments. 5. AI-Driven Security & Network Optimization Contribute to AI-powered security heuristics for intrusion detection, anomaly recognition, and behavioral analysis. – Strongly Preferred Design real-time correlation engines to map network security events to operational risk indicators. Work with data scientists to integrate machine learning models for predictive network failure analysis. Required Skills & Qualifications: Networking & Industrial Protocols: Expertise in SNMP, LLDP, ARP-based discovery and industrial networking standards. Deep understanding of SCADA, PLC, DCS, and IIoT network architectures. Strong knowledge of Modbus TCP/IP, OPC-UA, EtherNet/IP, PROFINET. Security & Compliance: In-depth knowledge of IEC 62443, Zero Trust Architecture (ZTA), and industrial cybersecurity. Experience in firewall configurations, network segmentation, and encrypted communications (TLS 1.3, AES-256). Understanding of SIEM integration and OT security monitoring tools (Claroty, Nozomi, Dragos, CyberX). Platform Development & Integration: Experience in building scalable network discovery and security platforms for industrial automation. Familiarity with cloud-based OT security solutions (Azure Defender for IoT, AWS IoT Device Defender). Ability to work with RESTful APIs, MQTT, Kafka, and real-time event processing frameworks. Tools & Technologies: Network Security & Monitoring: Wireshark, Nmap, Zeek, Snort, Suricata. OT Security Platforms: Claroty, Nozomi Networks, Dragos, CyberX. Cloud & Edge Security: Azure IoT Hub, AWS IoT Core, Google Cloud IoT. PLC & SCADA Systems: Siemens, Rockwell, ABB, Schneider Electric, GE. Cloud & Edge Security: Azure Defender for IoT, AWS IoT Device Defender. Show more Show less