Senior/Staff/Principal AI/ML Engineer – Threat Detection Engineering

🕒 May 11


AppGate

501 - 1000 employees

🔒 Cybersecurity

🏢 Enterprise

AppGate is a global cybersecurity company that delivers high-performance Zero Trust Network Access (ZTNA) solutions for enterprises and government agencies. Its platform enforces identity-based, adaptive access policies using real-time risk scoring, AI-powered application discovery, and a direct-routed architecture designed to avoid cloud bottlenecks and scale with demanding environments. AppGate also provides professional services and cyber advisory offerings — including adversary simulation, penetration testing, and third-party access risk assessments — to help organizations implement and operationalize Zero Trust controls.

📋 Description

• Your engineering work will directly enable next-generation capabilities, including:
  • Threat Detection Engine: Build advanced detections to identify threats early, including identity compromise, privilege escalation, impossible travel, and data exfiltration across identity, network, device, and session telemetry.
  • ML Anomaly Detection: Production models using Isolation Forest, One-Class SVM, and Autoencoder neural networks to surface behavioral outliers that rules miss.
  • Risk Aggregation & Enforcement: Design and develop accurate, explainable risk scoring systems that continuously normalize and correlate detection signals into dynamic user, device, and session risk scores that directly drive adaptive access enforcement decisions.
  • Real-Time Detection Pipeline: Build scalable, low-latency streaming pipelines that process ZTNA events in near real time, enabling resilient, high-throughput security analytics.
  • AI Agent Security: Define and implement security controls for autonomous AI agents, including detection of agent drift, unauthorized resource access, prompt injection attacks, privilege escalation, data leakage, and other emerging threats in agentic AI systems.
  • Autonomous Remediation (Roadmap): Leverage agentic AI to automate threat investigation, contextual analysis, and remediation workflows, enabling intelligent containment and response for high-confidence security incidents.
• Design and implement detection algorithms spanning authentication, authorization, network/location, data access, session management, and temporal behavioral domains.
• Train, evaluate, and deploy ML models on real-world identity and network telemetry; tune for production precision and recall targets.
• Architect and operate the detection pipeline — from audit log ingestion through risk aggregation and Risk Sentinel integration.
• Define the detection taxonomy — categorizing, prioritizing, and lifecycle-managing the full detection library using a scalable detection family model.
• Instrument and improve signal quality — measuring MTTD, false positive rates, and MITRE ATT&CK coverage; partnering with red teams to validate detections against real attack scenarios.
• Collaborate cross-functionally with security, product, and platform engineering to align detection coverage with customer threat models and roadmap priorities.

🎯 Requirements

• 7+ years of production AI/ML engineering experience, with a strong preference for candidates who have built threat detection, UEBA, ITDR, or identity security platforms at leading security or cloud companies.
• Detection algorithm expertise: Hands-on experience designing detections for identity-based threats — credential compromise, privilege escalation, insider activity, behavioral anomalies, and data exfiltration.
• ML proficiency: Experience building AI-powered security systems using large language models, deep learning, and agentic AI techniques for threat detection, anomaly analysis, contextual investigation, and intelligent remediation.
• Data & streaming engineering: Real-time or near-real-time pipeline experience (Kafka, Flink, Spark Streaming, or equivalent); familiarity with lakehouse formats (Apache Iceberg, Parquet).
• Security domain knowledge: MITRE ATT&CK, identity threat kill chains, ZTNA or network access control systems, and audit log analysis.
• Bonus: Experience with detection-as-code frameworks (Sigma, YARA), ZTNA platforms, LLMs or GNNs applied to security, or publications at USENIX, CCS, NeurIPS, or ICML.
• Mindset: Mission-driven, production-focused, signal-obsessed. You measure precision and recall, you eliminate alert fatigue, and you care that your work protects real systems.
