Jobs · Engineering

Senior/Staff/Principal AI/ML Engineer - Threat Detection Engineering

AppGate · New York, NY · 2 mo ago
RemoteRemoteEngineeringFull-time

About the role

AppGate secures and protects an organization's most valuable assets with its high performance Zero Trust Network Access (ZTNA) solution. AppGate is the only direct-routed ZTNA solution built for peak performance, superior protection and seamless interoperability. AppGate safeguards Fortune 500 enterprises worldwide. Learn more at appgate.com.

Key Responsibilities

  • Design, build, and operationalize the detection algorithms, ML inference pipelines, and risk aggregation systems that power our autonomous threat detection platform.
  • Work at the intersection of identity security, behavioral analytics, and applied machine learning — building production systems that analyze ZTNA audit logs in near real-time, surface high-fidelity threat signals, and feed into our Risk Sentinel enforcement engine to continuously harden access decisions.
  • Enable next-generation capabilities, including:
    • Threat Detection Engine: Build advanced detections to identify threats early, including identity compromise, privilege escalation, impossible travel, and data exfiltration across identity, network, device, and session telemetry.
    • ML Anomaly Detection: Production models using Isolation Forest, One-Class SVM, and Autoencoder neural networks to surface behavioral outliers that rules miss.
    • Risk Aggregation & Enforcement: Design/develop accurate and explainable risk scoring systems that continuously normalize and correlate detection signals into dynamic user, device, and session risk scores that directly drive adaptive access enforcement decisions.
    • Real-Time Detection Pipeline: Build scalable, low-latency streaming pipelines that process ZTNA events in near real time, enabling resilient, high-throughput security analytics.
    • AI Agent Security: Define and implement security controls for autonomous AI agents, including detection of agent drift, unauthorized resource access, prompt injection attacks, privilege escalation, data leakage, and other emerging threats in Agentic AI systems.
    • Autonomous Remediation (Roadmap): Leverage agentic AI to automate threat investigation, contextual analysis, and remediation workflows, enabling intelligent containment and response for high-confidence security incidents.

Required Qualifications

  • 7+ years of production AI/ML engineering experience, with a strong preference for candidates who have built threat detection, UEBA, ITDR, or identity security platforms at leading security or cloud companies.
  • Detection algorithm expertise: Hands-on experience designing detections for identity-based threats — credential compromise, privilege escalation, insider activity, behavioral anomalies, and data exfiltration.
  • MLOps & Productionization: Experience building and operating scalable MLOps platforms for AI/ML systems, including model lifecycle management, CI/CD for ML pipelines, feature stores, automated retraining, model monitoring/drift detection, experiment tracking, and deployment orchestration using Kubernetes, MLflow, Kubeflow, SageMaker, or equivalent tooling in high-throughput production environments.
  • ML proficiency: Experience building AI-powered security systems using large language models, deep learning, and agentic AI techniques for threat detection, anomaly analysis, contextual investigation, and intelligent remediation.
  • Data & streaming engineering: Real-time or near-real-time pipeline experience (Kafka, Flink, Spark Streaming, or equivalent); familiarity with lakehouse formats (Apache Iceberg, Parquet).
  • Security domain knowledge: MITRE ATT&CK, identity threat kill chains, ZTNA or network access control systems, and audit log analysis.

Bonus

  • Experience with detection-as-code frameworks (Sigma, YARA), ZTNA platforms, LLMs or GNNs applied to security, or publications at USENIX, CCS, NeurIPS, or ICML.

Mindset

  • Mission-driven, production-focused, signal-obsessed. You measure precision and recall, you eliminate alert fatigue, and you care that your work protects real systems.

Company Information

AppGate is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class. In furtherance of AppGate's policy regarding affirmative action and equal employment opportunity, AppGate has developed a written affirmative action program. This program is available for review upon request by any applicant or employee during normal business hours by contacting the company's EEO Coordinator.

Similar jobs