IHUB NTIHAC FOUNDATION
We are looking for a Senior ML Engineer to build and maintain cloud-side detection models for a cybersecurity platform. This role focuses on graph-based and sequential detection systems that operate on large-scale, multi-source security telemetry — endpoint events, identity logs, network signals, and cloud activity.

The ideal candidate has production experience with graph neural networks and temporal models, is comfortable with noisy and sparse ground truth, and takes full ownership from problem framing through deployment and monitoring.

Key Responsibilities
  • Design and build GNN-based detection models over process lineage, lateral movement, and entity relationship graphs
  • Construct and maintain heterogeneous graphs from multi-source telemetry (endpoint, IdP, network, cloud)
  • Develop sequence and temporal models for multi-stage attack chain detection across alert and event streams
  • Build cross-source correlation models that fuse signals from disparate security data sources
  • Design and maintain evaluation infrastructure: replayable telemetry, per-technique benchmarks, adversarial test cases, and drift detection
  • Own model quality in production — monitor, debug, and retrain as adversarial patterns evolve

Required Qualifications
  • 5+ years of industry experience in ML engineering with a focus on production systems
  • Hands-on experience with GNNs (GCN, GAT, GraphSAGE, or similar) beyond academic or prototype work
  • Strong understanding of graph construction tradeoffs: schema design, temporal evolution, scalability
  • Experience with sequence modeling and anomaly detection on structured event data
  • Proficiency in Python; working knowledge of a compiled language (C++, Rust, or Go) is a plus
  • Experience building labeled data pipelines where ground truth is noisy or sparse

Preferred Qualifications
  • Experience with heterogeneous or dynamic graphs
  • Familiarity with MITRE ATT&CK as an evaluation and labeling framework
  • Prior work in cybersecurity domains — EDR, SIEM, fraud detection, or network security
  • Exposure to large-scale streaming data infrastructure (Kafka, Flink, or equivalent)
  • Familiarity with containerized ML serving (Docker, Kubernetes)

Minimum Qualifications
Bachelor's or Master's degree in Computer Science, Engineering, or a related field.
View all job openings