Sr. Security Data Scientist

Your Impact

Threat Intelligence and Risk Modeling

• Examine large-scale security datasets to identify threat patterns, attacker TTPs (Tactics, Techniques, and Procedures), and emerging risks.
• Construct and iterate on threat risk models using statistical and machine learning methods to evaluate breach likelihoods and segmentation efficacy.
• Utilize security graphs to model attack paths, recommend segmentation strategies to reduce the risk of lateral movement, and suggest mitigation strategies.

Detection and Analytics Engineering

• Create ML models for anomaly detection, behavioral profiling, and breach identification across multi-cloud, hybrid, and on-premises setups.
• Work with threat researchers and engineers to enhance datasets, test hypotheses, and develop detection algorithms based on real-world threats.
• Assess and refine model performance to deliver reliable detections with low false positives.

Product Collaboration and Strategic Guidance

• Team up with product managers, engineers, and designers to integrate threat insights into roadmaps, user interfaces, and analytics tools.
• Advise on threat assessment frameworks, data needs, and incorporating external intelligence sources.
• Deploy and monitor models in production, ensuring scalability and reliability.

Research and Thought Leadership

• Investigate cutting-edge techniques for graph-based threat detection, like graph neural networks or AI-optimized policies.
• Contribute to internal research, patents, and potential publications to position Illumio as an industry leader.
• Track adversary trends, regulatory shifts, and innovations to influence our detection and risk strategies.

Your Toolkit

• 5+ years of experience in data science, detection engineering, threat intelligence, or security analytics, ideally in dynamic environments like cloud or network security.
• Proficiency in Python for data handling and modeling (e.g., Pandas, NumPy, Scikit-learn, TensorFlow/PyTorch), complemented by solid SQL skills for large dataset queries.
• Hands-on experience developing and deploying ML or statistical models for security applications, such as anomaly detection or risk assessment.
• Familiarity with threat detection principles and frameworks (e.g., MITRE ATT&CK).
• Security telemetry sources (e.g., EDR, NDR, AWS or Azure flow logs, AWS GuardDuty, Azure Defender data, etc).
• Network security fundamentals, including zero-trust and segmentation concepts.
• Proven ability to evaluate models, tune parameters, and manage challenges like imbalanced data in security scenarios.
• Skill in communicating technical insights to diverse audiences, from engineers to product leaders.
• Experience with large-scale telemetry datasets from varied sources.

Preferred Qualifications

• 7-10+ years in the field, with a track record in high-impact security roles.
• Knowledge of graph databases and analytics (e.g., Neo4j, graph algorithms applied to security).
• Experience productionizing ML models in cloud environments (e.g., AWS, GCP, Kubernetes).
• Background at a cybersecurity product company (e.g., in endpoint, SIEM, or network security).
• Expertise in identity threats or integrating threat intel APIs.
• Publications, open-source contributions, or certifications (e.g., CISSP, GIAC, advanced ML certs).