Machine Learning & Modeling Develop supervised and unsupervised ML models for anomaly detection, fraud/threat pattern discovery, alert classification, confidence scoring, and signal fidelity improvements. Build and maintain feature pipelines over multi‑modal security telemetry (identity, endpoint, network, cloud). Apply graph‑focused ML techniques (graph embeddings, GNNs, similarity scoring, relationship modeling). Contribute to graph construction logic, schema evolution, and ontology-driven enrichment for Verdict Net, Verdict Propagation, Campaign Graphs, and Vortex insights. Implement graph traversal, multi-hop reasoning, and cluster detection algorithms to surface hidden attack patterns. Participate in performance optimization and health management of large-scale threat graphs. Analyze large, noisy, high‑dimensional security datasets using ADX/Kusto, Spark, and distributed compute platforms. Build high-quality research code and prototypes that transition smoothly to engineering teams for productionization. Collaborate with detection engineering, threat research, product teams and red teams to integrate ML outcomes into real-world protection experiences. Translate complex analytical insights into actionable improvements for detections, disruptions, and customer-facing intelligence. Participate in on-call data issue triage (signal quality, false positives, enrichment gaps) as applicable for DEX workflows. Bachelor's degree in CS, Data Science, EE, Mathematics or related field AND 6+ years of hands-on DS/ML experience. Experience with ML techniques such as: gradient-boosted models, supervised/unsupervised learning, embeddings, clustering, anomaly detection. Experience querying & analyzing large datasets using Kusto, SQL, Spark, or equivalent data engines. Ability to write clean, reliable research code and communicate findings clearly.
