
Senior/Staff/Principal AI/ML Engineer – Threat Detection Engineering
Posted 1 day ago

This is a fully remote position, open to applicants in New York.
Your engineering contributions will directly facilitate next-generation capabilities, including:
• Threat Detection Engine: Develop advanced detection mechanisms to identify threats at an early stage, such as identity compromise, privilege escalation, impossible travel, and data exfiltration across identity, network, device, and session telemetry.
• ML Anomaly Detection: Create production models utilizing Isolation Forest, One-Class SVM, and Autoencoder neural networks to highlight behavioral anomalies that traditional rules may overlook.
• Risk Aggregation & Enforcement: Design and develop precise and interpretable risk scoring systems that continuously normalize and correlate detection signals into dynamic risk scores for users, devices, and sessions, directly influencing adaptive access enforcement decisions.
• Real-Time Detection Pipeline: Construct scalable, low-latency streaming pipelines that process ZTNA events in near real-time, enabling robust, high-throughput security analytics.
• AI Agent Security: Establish and implement security controls for autonomous AI agents, addressing issues such as agent drift detection, unauthorized resource access, prompt injection attacks, privilege escalation, data leakage, and other emerging threats within Agentic AI systems.
• Autonomous Remediation (Roadmap): Harness agentic AI to automate threat investigation, contextual analysis, and remediation workflows, allowing for intelligent containment and response to high-confidence security incidents.
• Design and implement detection algorithms that cover authentication, authorization, network/location, data access, session management, and temporal behavioral domains.
• Train, evaluate, and deploy ML models using real-world identity and network telemetry; optimize for production precision and recall targets.
• Architect and manage the detection pipeline — from audit log ingestion to risk aggregation and integration with Risk Sentinel.
• Define the detection taxonomy — systematically categorizing, prioritizing, and managing the entire detection library using a scalable detection family model.
• Enhance signal quality — evaluating MTTD, false positive rates, and coverage of MITRE ATT&CK; collaborating with red teams to validate detections against actual attack scenarios.
• Work collaboratively across security, product, and platform engineering teams to ensure alignment of detection coverage with customer threat models and roadmap priorities.
• 7+ years of hands-on experience in production AI/ML engineering, with a strong preference for candidates who have developed threat detection, UEBA, ITDR, or identity security platforms at leading security or cloud companies.
• Expertise in detection algorithms: Practical experience in designing detections for identity-based threats, such as credential compromise, privilege escalation, insider activity, behavioral anomalies, and data exfiltration.
• Proficiency in ML: Experience in creating AI-driven security systems employing large language models, deep learning, and agentic AI techniques for threat detection, anomaly analysis, contextual investigation, and intelligent remediation.
• Data & streaming engineering: Familiarity with real-time or near-real-time pipeline technologies (Kafka, Flink, Spark Streaming, or similar); knowledge of lakehouse formats (Apache Iceberg, Parquet).
• Security domain expertise: Understanding of MITRE ATT&CK, identity threat kill chains, ZTNA, or network access control systems, as well as audit log analysis.
• Bonus: Experience with detection-as-code frameworks (Sigma, YARA), ZTNA platforms, LLMs or GNNs applied to security, or research publications at USENIX, CCS, NeurIPS, or ICML.
• Mindset: Mission-driven, production-focused, and detail-oriented regarding signals. You actively measure precision and recall, strive to reduce alert fatigue, and are committed to ensuring your work safeguards real systems.
• Competitive salary and performance-based bonuses.
• Comprehensive health benefits, including medical, dental, and vision coverage.
• Opportunities for professional development and ongoing education.
• Flexible work arrangements, including remote work options.
• Collaborative and innovative work environment with a focus on cutting-edge technologies.