Principal Security Infrastructure Architect
The Senior NDR Platform Observability Engineer will support the operational health, visibility, and performance of the enterprise Network Detection and Response (NDR) environment, with a primary focus on the Corelight platform and surrounding telemetry pipelines.
Role Overview
This role is responsible for:
Operating and maintaining the NDR ecosystem.
Developing automated collection of health and performance metrics using Python and REST APIs.
Building a production-ready observability stack using Grafana, Prometheus, InfluxDB and Telegraf.
Key Responsibilities
NDR Operations
Monitor sensor health, data ingestion, packet throughput, and drop rates
Perform triage of NDR alerts and work with SOC/IR teams on escalations
Support tuning of Zeek scripts, Suricata rules, and Corelight detection packs
Identify data gaps, ingest delays or coverage issues and drive resolution
Troubleshoot packet broker connections, SPAN/TAP feeds, and network visibility paths
Observability and Monitoring Architecture
Design an enterprise-grade observability solution for the NDR platform and related telemetry systems.
Build metrics collectors using Python to ingest REST API data into monitoring platforms
Integrate metrics into Prometheus, InfluxDB, or similar time series databases
Create and maintain runbooks, playbooks, architecture diagrams and troubleshooting guides
Produce regular reports on platform status, performance, alert trends, and risk areas
Hands-on experience with Corelight, Endace, cPacket, Zeek, Suricata, or related NDR technologies.
Strong Python development skills, especially for API integrations and automation
Experience with monitoring and visualization platforms (Grafana, Prometheus, InfluxDB, Telegraf)
Solid understanding of network traffic, packet capture, and troubleshooting
Ability to create dashboards, alerts, and metrics pipelines for large-scale environments
Experience supporting security operations teams or incident response workflows
Preferred Qualifications
Experience developing custom Prometheus exporters (Python, Go)
Prior exposure to Corelight APIs and Zeek script customization
Familiarity with Docker, Kubernetes, or containerized exporters
Experience with SIEM platforms and log ingestion pipelines
Required AI Skills
All contractor resources are expected to demonstrate baseline proficiency in enterprise-approved AI tools as part of their day-to-day responsibilities. This includes but is not limited to