Senior/Staff/Principal AI/ML Engineer - Threat Detection Engineering

About AppGate

AppGate secures and protects an organization's most valuable assets with its high performance Zero Trust Network Access (ZTNA) solution. AppGate is the only direct-routed ZTNA solution built for peak performance, superior protection and seamless interoperability. AppGate safeguards Fortune 500 enterprises worldwide. Learn more at appgate.com.

About the Role

We're looking for a AI/ML Engineer (Senior/Staff/Principal) - Threat Detection who will design, build, and operationalize the detection algorithms, ML inference pipelines, and risk aggregation systems that power our autonomous threat detection platform.

You'll work at the intersection of identity security, behavioral analytics, and applied machine learning — building production systems that analyze ZTNA audit logs in near real-time, surface high-fidelity threat signals, and feed into our Risk Sentinel enforcement engine to continuously harden access decisions.

Key Responsibilities

• Your engineering work will directly enable next-generation capabilities, including:

• Threat Detection Engine: Build advanced detections to identify threats early, including identity compromise, privilege escalation, impossible travel, and data exfiltration across identity, network, device, and session telemetry.

• ML Anomaly Detection: Production models using Isolation Forest, One-Class SVM, and Autoencoder neural networks to surface behavioral outliers that rules miss.

• Risk Aggregation & Enforcement: Design/develop accurate and explainable risk scoring systems that continuously normalize and correlate detection signals into dynamic user, device, and session risk scores that directly drive adaptive access enforcement decisions.

• Real-Time Detection Pipeline: Build scalable, low-latency streaming pipelines that process ZTNA events in near real time, enabling resilient, high-throughput security analytics.

• AI Agent Security: Define and implement security controls for autonomous AI agents, including detection of agent drift, unauthorized resource access, prompt injection attacks, privilege escalation, data leakage, and other emerging threats in Agentic AI systems.

• Autonomous Remediation (Roadmap): Leverage agentic AI to automate threat investigation, contextual analysis, and remediation workflows, enabling intelligent containment and response for high-confidence security incidents.

• Design and implement detection algorithms spanning authentication, authorization, network/location, data access, session management, and temporal behavioral domains.

• Train, evaluate, and deploy ML models on real-world identity and network telemetry; tune for production precision and recall targets.

• Architect and operate the detection pipeline — from audit log ingestion through risk aggregation and Risk Sentinel integration.

• Define the detection taxonomy — categorizing, prioritizing, and lifecycle-managing the full detection library using a scalable detection family model.

• Instrument and improve signal quality — measuring MTTD, false positive rates, and MITRE ATT&CK coverage; partnering with red teams to validate detections against real attack scenarios.

• Collaborate cross-functionally with security, product, and platform engineering to align detection coverage with customer threat models and roadmap priorities.

Required Qualifications

• 7+ years of production AI/ML engineering experience, with a strong preference for candidates who have built threat detection, UEBA, ITDR, or identity security platforms at leading security or cloud companies.

• Detection algorithm expertise: Hands-on experience designing detections for identity-based threats — credential compromise, privilege escalation, insider activity, behavioral anomalies, and data exfiltration.

• ML proficiency: Experience building AI-powered security systems using large language models, deep learning, and agentic AI techniques for threat detection, anomaly analysis, contextual investigation, and intelligent remediation.

• Data & streaming engineering: Real-time or near-real-time pipeline experience (Kafka, Flink, Spark Streaming, or equivalent); familiarity with lakehouse formats (Apache Iceberg, Parquet).

• Security domain knowledge: MITRE ATT&CK, identity threat kill chains, ZTNA or network access control systems, and audit log analysis.

• Bonus: Experience with detection-as-code frameworks (Sigma, YARA), ZTNA platforms, LLMs or GNNs applied to security, or publications at USENIX, CCS, NeurIPS, or ICML.

• Mindset: Mission-driven, production-focused, signal-obsessed. You measure precision and recall, you eliminate alert fatigue, and you care that your work protects real systems.

This is your chance to build the AI systems that detect, prevent, and auto-remediate threats across networks, users, and autonomous AI agents.

If you are an experienced AI/ML Engineer who has built identity or network threat detection platforms at scale and wants your next platform to protect the people and infrastructure the world depends on — we want to hear from you.

AppGate is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class. In furtherance of AppGate's policy regarding affirmative action and equal employment opportunity, AppGate has developed a written affirmative action program. This program is available for review upon request by any applicant or employee during normal business hours by contacting the company's EEO Coordinator.