Senior/Staff/Principal AI/ML Engineer - Threat Detection Engineering

About AppGate

AppGate secures and protects an organization's most valuable assets with its high performance Zero Trust Network Access (ZTNA) solution. AppGate is the only direct-routed ZTNA solution built for peak performance, superior protection and seamless interoperability. AppGate safeguards Fortune 500 enterprises worldwide. Learn more at appgate.com. 

About the Role

We're looking for a AI/ML Engineer (Senior/Staff/Principal) - Threat Detection who will design, build, and operationalize the detection algorithms, ML inference pipelines, and risk aggregation systems that power our autonomous threat detection platform.

You'll work at the intersection of identity security, behavioral analytics, and applied machine learning — building production systems that analyze ZTNA audit logs in near real-time, surface high-fidelity threat signals, and feed into our Risk Sentinel enforcement engine to continuously harden access decisions.

Key Responsibilities

•       Your engineering work will directly enable next-generation capabilities, including:

•       Threat Detection Engine: Rule-based, behavioral, and ML-based detections across identity, access, network, and session domains — including brute force, privilege escalation, impossible travel, data exfiltration, and off-hours activity.

•       ML Anomaly Detection: Production models using Isolation Forest, One-Class SVM, and Autoencoder neural networks to surface behavioral outliers that rules miss.

•       Risk Aggregation & Enforcement: Normalize and weight detection signals into user and device risk scores; integrate with the AppGate Risk Sentinel engine to drive continuous access decisions.

•       Real-Time Detection Pipeline: Near real-time streaming architecture ingesting ZTNA audit logs, with stateless detection outputs feeding incrementally updated risk scores.

•       AI Agent Security: Detect drift, unexpected resource escalation, and signs of compromise or misconfiguration in autonomous AI agents operating within the ZTNA environment.

•       Autonomous Remediation (Roadmap): Build the enforcement feedback loop enabling the Risk Sentinel to auto-remediate high-confidence threats and support AI-assisted investigation.

•       Design and implement detection algorithms spanning authentication, authorization, network/location, data access, session management, and temporal behavioral domains.

•       Train, evaluate, and deploy ML models on real-world identity and network telemetry; tune for production precision and recall targets.

•       Architect and operate the detection pipeline — from audit log ingestion through risk aggregation and Risk Sentinel integration.

•       Define the detection taxonomy — categorizing, prioritizing, and lifecycle-managing the full detection library using a scalable detection family model.

•       Instrument and improve signal quality — measuring MTTD, false positive rates, and MITRE ATT&CK coverage; partnering with red teams to validate detections against real attack scenarios.

•       Collaborate cross-functionally with security, product, and platform engineering to align detection coverage with customer threat models and roadmap priorities.

Required Qualifications

•        7+ years of production AI/ML engineering experience, with a strong preference for candidates who have built threat detection, UEBA, ITDR, or identity security platforms at leading security or cloud companies.

•        Detection algorithm expertise: Hands-on experience designing detections for identity-based threats — credential compromise, privilege escalation, insider activity, behavioral anomalies, and data exfiltration.

•        ML proficiency: Anomaly detection (Isolation Forest, One-Class SVM, Autoencoders), statistical methods, and supervised classification using PyTorch or TensorFlow.

•        Data & streaming engineering: Real-time or near-real-time pipeline experience (Kafka, Flink, Spark Streaming, or equivalent); familiarity with lakehouse formats (Apache Iceberg, Parquet).

•        Security domain knowledge: MITRE ATT&CK, identity threat kill chains, ZTNA or network access control systems, and audit log analysis.

•        Bonus: Experience with detection-as-code frameworks (Sigma, YARA), ZTNA platforms, LLMs or GNNs applied to security, or publications at USENIX, CCS, NeurIPS, or ICML.

•        Mindset: Mission-driven, production-focused, signal-obsessed. You measure precision and recall, you eliminate alert fatigue, and you care that your work protects real systems.

This is your chance to build the AI systems that detect, prevent, and auto-remediate threats across networks, users, and autonomous AI agents.

If you are an experienced AI/ML Engineer who has built identity or network threat detection platforms at scale and wants your next platform to protect the people and infrastructure the world depends on — we want to hear from you.

AppGate is An Equal Opportunity/Affirmative Action Employer.