10h ago

Detection Engineer

United States

✨ $120k-$160k / year est.

full-time · mid · Remote · cybersecurity

🛠 Tech Stack

💼 About This Role

You'll own the high-volume detection work that keeps GreyNoise's datasets accurate and customers protected. Your core impact is building, validating, and maintaining detections at scale, turning vague problems into repeatable workflows and shipping lots of small, concrete things. This role is intentionally focused on operational execution rather than research.

🎯 What You'll Do

  • Write and tune Intrusion Detection System rules based on observed network behavior.
  • Maintain tag coverage: add new tags, fix broken ones, de-duplicate overlaps.
  • Triage inbound detection requests, CVEs, and coverage questions weekly.
  • Validate detections against real traffic and manage false positive/false negative trade-offs.

📋 Requirements

  • Packet capture analysis: read and analyze pcaps.
  • Suricata rules: experience writing or maintaining network detection signatures.
  • Context switching: move between tags, rules, pcaps, and requests throughout the day.
  • Attention to detail: small mistakes have outsized downstream effects.

✨ Nice to Have

  • Experience with IDS/IPS platforms, Zeek, Sigma, or Snort.
  • Exposure to large-scale internet telemetry or threat intelligence feeds.

๐ŸŽ Benefits & Perks

  • ๐Ÿ’ต Equity in a high-growth Series-A startup.
  • ๐Ÿ‘ฉโ€โš•๏ธ 100% covered health, dental, vision, life for employees.
  • 6๏ธโƒฃ 401k employer match of 6% vested from day one.
  • ๐Ÿ–๏ธ Flexible PTO (recommended 3+ weeks annually).
  • ๐ŸŒŽ Remote-first culture with optional DC office.

📨 Hiring Process

Estimated timeline: 2-3 weeks · AI estimate

  1. Recruiter Screen · 30 min
  2. Technical Interview · 60 min
  3. Hiring Manager Interview · 45 min