We are looking for a Senior Proactive Security Engineer to turn architectural requirements into running, sustainable systems. You will take a deception or detection concept - a sensor design, a threat-intelligence integration, an ML correlation pipeline - and stand it up on real infrastructure so it works on day one and keeps working without breaking. This is a hands-on build-and-maintain role for an engineer who is equally comfortable with system architecture, code, and the security theory behind why it all matters.
What You'll Do
- Build and operate deception infrastructure. Take requirements for honeynet sensors and emulated customer environments and implement them on servers and cloud infrastructure - provisioning, configuration, hardening, and deployment.
- Integrate threat intelligence pipelines. Stand up ingestion, enrichment, and correlation across multiple intelligence sources, and route outputs into platform detection and response workflows.
- Engineer detection and event-correlation workflows. Combine system telemetry, behavioral monitoring, and ML-based classification into production-grade detection pipelines.
- Translate research into applied systems. Turn security theory and research concepts into production-grade implementations, documented so they are reproducible by the next engineer who touches them.
- Own reliability and sustainability. Monitoring, access control, patching, and lifecycle management - the systems you build stay stable in production, not just on demo day.
- Integrate AI/ML capabilities. Build and operate LLM-powered analysis pipelines, agentic workflows, and AI-driven enrichment, classification, and detection - engineered to run reliably under production constraints.
- Collaborate across the platform. Work with the Proactive Security Lead, MDR/SOC teams, and platform architecture to ensure deception and intelligence outputs integrate cleanly into Cosmos operations.
Required Qualifications
- Hands-on experience deploying, configuring, and securing servers and infrastructure (Linux-centric: Ubuntu, CentOS/RHEL, Debian).
- Strong coding background - Python and Bash/shell scripting at minimum; ability to automate provisioning and integrate systems via APIs.
- Demonstrated ability to take a theoretical concept or research requirement and implement it as working applied technology.
- System architecture experience - designing systems that are sustainable, monitored, and resilient rather than one-off setups.
- Proactive security experience - honeynets and deception, anomaly detection, vulnerability assessment, or similar offensive-informed defensive work.
- Threat intelligence experience - ingesting, enriching, and correlating intel feeds.
- Experience with SIEM and log/event correlation (Microsoft Sentinel and/or Splunk preferred; Elastic Security acceptable).
- Network analysis fundamentals (Wireshark, Nmap, TCP/IP).
- Experience with agentic AI systems, LLM orchestration, prompt engineering, or RAG pipelines.
- Familiarity with applying AI to security use cases - anomaly detection, threat classification, alert triage, or intelligence enrichment.
Preferred Qualifications
- Container and orchestration experience (Docker, Kubernetes/EKS).
- ML-based anomaly/threat detection model development.
- HPC or GPU-accelerated systems experience (CUDA, SLURM, NVIDIA clusters) used for AI model development.
- RBAC and multi-tenant access control design.
- Advanced degree (M.S. or Ph.D.) in cybersecurity, computer engineering, or a related field.
- Research or publication background in security, side-channel analysis, or systems security.
- SOC operations exposure (Tier-1 or above).
- Experience working alongside legal/compliance review on offensive-informed defensive capabilities.