Job Description
At Gigamon, our purpose is to protect the hybrid networks and data of the largest, most complex organizations on the planet. Certified as a Great Place to Work, we offer a deep observability pipeline that efficiently delivers network-derived intelligence to cloud, security, and observability tools. This helps our customers to eliminate security blind spots, optimize network traffic, and dramatically reduce tool cost and complexity, enabling them to better secure and manage their hybrid cloud infrastructure. Gigamon has served more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, 9 of the 10 largest mobile network providers, and hundreds of governments and educational organizations.
As a Principal Security Detections Engineer on the GigaSMART team, you will design and deliver advanced detection capabilities that transform deep network and application telemetry into actionable security insights. You will work at the intersection of network security, detection engineering, and high-performance systems software to identify suspicious activity, improve threat visibility, and strengthen Gigamon’s security analytics portfolio. This role partners closely with engineering, product management, QA, and solution teams to define detection use cases, implement scalable pipelines, and validate real-world security outcomes across hybrid and cloud environments. Your work will directly influence how customers detect threats, investigate incidents, and operationalize Gigamon telemetry within their broader security ecosystem.
This role is based out of our Santa Clara, CA headquarters on a hybrid schedule, currently on-site Monday, Tuesday, and Thursday (3 days per week), with additional on-site presence as business needs require.
What you’ll do
- Design, develop, and enhance security detections and analytics for Gigamon security and observability solutions.
- Translate threat use cases, attack techniques, and customer requirements into robust detection logic, metadata correlations, and product capabilities.
- Build and optimize software components that process high-volume network, application, and security telemetry with strong focus on scale, accuracy, and performance.
- Develop detections for suspicious behaviors such as lateral movement, anomalous communications, protocol misuse, risky encrypted traffic patterns, and policy violations.
- Work across data plane and control plane components to implement, test, and debug features in C, C++, Go, and related technologies as appropriate.
- Collaborate with cross-functional teams on product requirements, software architecture, design reviews, and validation plans for new security features.
- Partner with product management and field teams to prioritize detection coverage aligned with customer security outcomes and market needs.
- Integrate detection workflows with modern security ecosystems, including SIEM, XDR, SOAR, data lake, and cloud-native security platforms.
- Author functional specifications, design documents, detection content guidance, and operational documentation for internal and customer-facing use.
- Mentor engineers on secure design, detection engineering practices, troubleshooting, and performance-aware implementation.
What you’ve done
- Bachelor’s or Master’s degree in Computer Science, Computer Engineering, Electrical Engineering, or a related technical field.
- Typically 10+ years of experience in software engineering, security engineering, detection engineering, or a closely related domain.
- Strong hands-on proficiency in one or more systems programming languages such as C, C++, or Go; Python experience for tooling, automation, or analytics is a plus.
- Deep understanding of network and security protocols, with solid knowledge of areas such as TCP/IP, HTTP, TLS/SSL, DNS, proxy technologies, and modern cloud/network architectures.
- Experience building or operationalizing security detections for threat hunting, incident response, NDR, IDS/IPS, SIEM, XDR, or related security analytics platforms.
- Proven ability to convert attacker behaviors, threat intelligence, and detection hypotheses into scalable product features, correlation logic, or analytic content.
- Experience with high-performance, multi-core, multi-process, or multi-threaded systems and an understanding of performance trade-offs in production software.
- Familiarity with cloud-native and data pipeline technologies such as Docker, Kubernetes, Kafka, and public cloud platforms including AWS, Azure, or GCP.
- Experience working with security data models, telemetry normalization, enrichment, or correlation across multiple data sources is highly desirable.
- Strong debugging, analytical, and problem-solving skills, with the ability to investigate complex product, protocol, and customer issues.
- Excellent written and verbal communication skills, including the ability to explain technical trade-offs clearly across engineering and product teams.
Who you are
- You think like both an engineer and a defender, balancing product quality, performance, and security value.
- You are energized by turning ambiguous threat problems into clear technical designs and practical detections.
- You are comfortable working in a fast-paced environment and can drive complex initiatives with strong ownership and follow-through.
- You bring sound technical judgment, ask the right questions, and make thoughtful trade-offs grounded in customer impact.
- You collaborate effectively across teams and enjoy mentoring others while raising the technical bar.
- You care about building durable, maintainable solutions rather than one-off fixes.
- You are curious about evolving attack techniques, detection methodologies, and the changing security landscape.
The base salary compensation range targeted for this role is expected to be between $208,000 - $260,000 (subject to terms and conditions of the plan). This salary range is an estimate, and the actual salary may vary based on the Company’s compensation practices.