Senior/Staff/Principal AI/ML Engineer - Threat Detection Engineering

Appgate

$130K — $180K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years of AI/ML engineering experience, preferably in threat detection or identity security platforms.
  • Expertise in designing detection algorithms for identity-based threats like credential compromise and data exfiltration.
  • Proficient in building AI-powered security systems using deep learning and agentic AI techniques.
  • Experience with real-time data pipeline technologies (Kafka, Flink, Spark Streaming) and familiar with lakehouse formats.
  • Solid understanding of security frameworks such as MITRE ATT&CK and identity threat kill chains.

Responsibilities

  • Build a Threat Detection Engine to identify early signs of security threats.
  • Develop production models using various ML techniques to detect behavioral outliers.
  • Design risk scoring systems for dynamic user and session risk assessment.
  • Create scalable, low-latency detection pipelines for real-time event processing.
  • Implement security controls for autonomous AI agents to mitigate emerging threats.
  • Automate threat investigation and remediation workflows with agentic AI.
  • Train and deploy ML models on identity and network telemetry for accuracy in production.

Benefits

  • Chance to work on next-generation AI systems for threat detection and response.
  • Opportunity to shape security practices across networks and users.
  • Engage with cross-functional teams to influence product and security strategies.
  • Play a key role in protecting infrastructure relied upon globally.
  • Collaborate in a mission-driven environment focused on real-world impacts.

Full Job Description

About the Role

We're looking for an AI/ML Engineer (Senior/Staff/Principal) - Threat Detection who will design, build, and operationalize the detection algorithms, ML inference pipelines, and risk aggregation systems that power our autonomous threat detection platform.

You'll work at the intersection of identity security, behavioral analytics, and applied machine learning - building production systems that analyze ZTNA audit logs in near real-time, surface high-fidelity threat signals, and feed into our Risk Sentinel enforcement engine to continuously harden access decisions.

Key Responsibilities
Your engineering work will directly enable next-generation capabilities, including:
• Threat Detection Engine: Build advanced detections to identify threats early, including identity compromise, privilege escalation, impossible travel, and data exfiltration across identity, network, device, and session telemetry.
• ML Anomaly Detection: Build production models using Isolation Forest, One-Class SVM, and Autoencoder neural networks to surface behavioral outliers that rules miss.
• Risk Aggregation & Enforcement: Design/develop accurate and explainable risk scoring systems that continuously normalize and correlate detection signals into dynamic user, device, and session risk scores that directly drive adaptive access enforcement decisions.
• Real-Time Detection Pipeline: Build scalable, low-latency streaming pipelines that process ZTNA events in near real time, enabling resilient, high-throughput security analytics.
• AI Agent Security: Define and implement security controls for autonomous AI agents, including detection of agent drift, unauthorized resource access, prompt injection attacks, privilege escalation, data leakage, and other emerging threats in Agentic AI systems.
• Autonomous Remediation (Roadmap): Leverage agentic AI to automate threat investigation, contextual analysis, and remediation workflows, enabling intelligent containment and response for high-confidence security incidents.
• Design and implement detection algorithms spanning authentication, authorization, network/location, data access, session management, and temporal behavioral domains.
• Train, evaluate, and deploy ML models on real-world identity and network telemetry; tune for production precision and recall targets.
• Architect and operate the detection pipeline - from audit log ingestion through risk aggregation and Risk Sentinel integration.
• Define the detection taxonomy - categorizing, prioritizing, and lifecycle-managing the full detection library using a scalable detection family model.
• Instrument and improve signal quality - measuring MTTD, false positive rates, and MITRE ATT&CK coverage; partnering with red teams to validate detections against real attack scenarios.
• Collaborate cross-functionally with security, product, and platform engineering to align detection coverage with customer threat models and roadmap priorities.

Required Qualifications
7+ years of production AI/ML engineering experience, with a strong preference for candidates who have built threat detection, UEBA, ITDR, or identity security platforms at leading security or cloud companies.
Detection algorithm expertise: Hands-on experience designing detections for identity-based threats - credential compromise, privilege escalation, insider activity, behavioral anomalies, and data exfiltration.
ML proficiency: Experience building AI-powered security systems using large language models, deep learning, and agentic AI techniques for threat detection, anomaly analysis, contextual investigation, and intelligent remediation.
Data & streaming engineering: Real-time or near-real-time pipeline experience (Kafka, Flink, Spark Streaming, or equivalent); familiarity with lakehouse formats (Apache Iceberg, Parquet).
Security domain knowledge: MITRE ATT&CK, identity threat kill chains, ZTNA or network access control systems, and audit log analysis.
Bonus: Experience with detection-as-code frameworks (Sigma, YARA), ZTNA platforms, LLMs or GNNs applied to security, or publications at USENIX, CCS, NeurIPS, or ICML.
Mindset: Mission-driven, production-focused, signal-obsessed. You measure precision and recall, you eliminate alert fatigue, and you care that your work protects real systems.

This is your chance to build the AI systems that detect, prevent, and auto-remediate threats across networks, users, and autonomous AI agents.

If you are an experienced AI/ML Engineer who has built identity or network threat detection platforms at scale and wants your next platform to protect the people and infrastructure the world depends on - we want to hear from you.
