CÔNG TY TNHH NEXLAB IT SOLUTIONS
Ho Chi Minh City · On-site · Website
ML Engineer
Python
Experience
Not required
Position
Data
Work type
On-site
Region
Vietnam
Deadline
Until the position is filled
Work Information
Work Days
Monday – Friday
Work Hours
9:00 AM – 6:00 PM
Work Type
On-site
Paid Leave
12+ days / year
Contract
Full-time (Permanent)
Insurance
Social & Health Insurance
About this position
[Responsibilities]
Build and deploy alert prioritization models that score incoming security alerts by severity, exploitability, and business impact — reducing noise so analysts focus on what matters
Develop alert clustering and grouping systems that identify similar patterns across thousands of alerts and surface them as coherent incidents rather than disconnected noise
Train and maintain true positive / false positive classifiers that learn from analyst feedback to automatically distinguish real threats from benign activity
Design anomaly detection models over normalized log data to identify deviations from baseline behavior for users, assets, and network activity
Build the feedback loop infrastructure where analyst corrections (e.g., marking an alert as false positive) flow back into model retraining and continuously improve accuracy
Develop embedding and similarity systems for matching new alerts against known attack patterns, past incidents, and threat intelligence
Create feature engineering pipelines that transform raw security logs, MITRE ATT&CK mappings, and contextual metadata into ML-ready features
Build evaluation and monitoring infrastructure — tracking model drift, precision/recall over time, and alerting when model performance degrades
Support attack path analysis on the offensive platform by building models that score and rank vulnerability chains by exploitability and impact

[Requirements]
Must Have
5+ years of applied ML engineering experience — building, deploying, and maintaining models in production (not just notebooks)
Strong proficiency in Python and ML libraries: scikit-learn, XGBoost, PyTorch or TensorFlow
Hands-on experience with classification, clustering, and anomaly detection on structured/tabular data
Experience building feature engineering and data pipelines at scale (Spark, Airflow, or similar)
Solid understanding of evaluation methodology — precision/recall tradeoffs, class imbalance handling, A/B testing, and monitoring for drift
Experience with embedding models and similarity search (vector databases, nearest-neighbor retrieval)
Ability to work with messy, high-volume, real-world data — inconsistent schemas, missing fields, adversarial noise
Strong software engineering fundamentals — you write production code, not just experiments

Strong Plus
Background in cybersecurity, fraud detection, or abuse/trust & safety — any domain where you've built classifiers on adversarial data
Experience with SIEM data, log analytics, or network telemetry (Wazuh, OpenSearch, Elastic, Splunk)
Familiarity with MITRE ATT&CK framework or security detection engineering
Experience building human-in-the-loop ML systems where user feedback drives model improvement
Knowledge of graph-based ML (Graph Neural Networks, Neo4j GDS) for modeling relationships between entities, attack paths, or alert correlations
Experience with time-series anomaly detection (user behavior analytics, baseline deviation)
Familiarity with LLM integration — using embeddings from language models for text-based security data (log messages, alert descriptions)

Mindset
You think in terms of systems, not models — a model is only useful if it's deployed, monitored, and improving
You're comfortable working at the intersection of ML and domain expertise, translating security problems into ML formulations
You care about precision in high-stakes environments — a false negative in security can mean a missed breach
You're pragmatic — you'll use a simple logistic regression if it solves the problem, and reach for deep learning only when it's justified
Benefits
Build the ML intelligence layer for two security products — offensive and defensive — with real-world impact
Work alongside agentic AI engineers and security domain experts
Direct influence on what gets built and how models are designed
Competitive compensation