Sr. Security Data Scientist
Illumio · San Jose, CA · 6 days ago
On-siteEngineeringFull-time
Job Summary
The Threat Intelligence and Risk Modeling Engineer will contribute to the development and deployment of advanced threat detection and risk assessment models, collaborating with product teams to ensure the Illumio Insights platform remains at the forefront of cybersecurity innovation.
About the Role
Join our Threat Research Team to provide critical insights into emerging threats and risk models. You'll work closely with product teams to integrate threat intelligence into product features and roadmaps, ensuring the platform is resilient against advanced cyber threats.
Responsibilities
- Examine large-scale security datasets to identify threat patterns, attacker tactics, techniques, and procedures (TTPs), and emerging risks.
- Construct and iterate on threat risk models using statistical and machine learning methods to evaluate breach likelihoods and segmentation efficacy.
- Create ML models for anomaly detection, behavioral profiling, and breach identification across multi-cloud, hybrid, and on-premises setups.
- Work with threat researchers and engineers to enhance datasets, test hypotheses, and develop detection algorithms based on real-world threats.
- Audit and refine model performance to deliver reliable detections with low false positives.
- Collaborate with product managers, engineers, and designers to integrate threat insights into roadmaps, user interfaces, and analytics tools.
- Advise on threat assessment frameworks, data needs, and incorporating external intelligence sources.
- Deploy and monitor models in production, ensuring scalability and reliability.
- Investigate cutting-edge techniques for graph-based threat detection, like graph neural networks or AI-optimized policies.
- Contribute to internal research, patents, and potential publications to position Illumio as an industry leader.
- Track adversary trends, regulatory shifts, and innovations to influence our detection and risk strategies.
Requirements
- 5+ years of experience in data science, detection engineering, threat intelligence, or security analytics, ideally in dynamic environments like cloud or network security.
- Proficiency in Python for data handling and modeling (e.g., Pandas, NumPy, Scikit-learn, TensorFlow/PyTorch), complemented by solid SQL skills for large dataset queries.
- Hands-on experience developing and deploying ML or statistical models for security applications, such as anomaly detection or risk assessment.
- Familiarity with Threat detection principles and frameworks (e.g., MITRE ATT&CK).
- Security telemetry sources (e.g., EDR, NDR, AWS or Azure flow logs, AWS GuardDuty, Azure Defender data, etc).
- Network security fundamentals, including zero-trust and segmentation concepts.
- Proven ability to evaluate models, tune parameters, and manage challenges like imbalanced data in security scenarios.
- Skill in communicating technical insights to diverse audiences, from engineers to product leaders.
- Experience with large-scale telemetry datasets from varied sources.
Preferred Qualifications
- 7-10+ years in the field, with a track record in high-impact security roles.
- Knowledge of graph databases and analytics (e.g., Neo4j, graph algorithms applied to security).
- Experience productionizing ML models in cloud environments (e.g., AWS, GCP, Kubernetes).
- Background at a cybersecurity product company (e.g., in endpoint, SIEM, or network security).
- Expertise in identity threats or integrating threat intel APIs.
- Publishations, open-source contributions, or certifications (e.g., CISSP, GIAC, advanced ML certs).
- Familiarity with Bay Area cybersecurity ecosystems or prior work in tech hubs.