DNSFilter is a rapidly growing company dedicated to creating a safer internet through innovative network security solutions. They are seeking a Principal ML/AI Threat Engineer to design and deliver scalable, real-time threat intelligence systems utilizing AI-driven models to enhance threat detection and response capabilities.
Responsibilities:
- Design and maintain clustering frameworks to group and categorize malicious network indicators/assets at scale
- Analyze threat actor patterns and continuously evaluate cluster stability for adversarial drift, refining models for adaptation and resilience
- Identify persistent adversary fingerprints in DNS and convert them into functional products by building, training, and architecting performant AI/ML models at scale, utilizing hybrid detection and mitigation layers
- Build systems for scaled analytical decision-making, training, branching, drift detection, and recognizing real-world threats. Integrate feedback and balance adaptability with precision to eliminate false-positive amplification
- Develop infrastructure-linking methodologies, partner with researchers to validate attribution hypotheses, and implement informed confidence scoring
- Deliver production services with clear SLAs/SLOs, explainability, confidence metrics, monitoring, and observability, ensuring compatibility with DNSFilter’s vision and tech stack
- Present at security conferences, specifically ISAC
Requirements:
- 10+ total years across the fields of AI engineering, applied ML, detection engineering, threat research, or threat intelligence automation
- Experience building production AI/ML systems operating on high-volume telemetry
- Strong background in statistical analysis, clustering methods, and feature engineering at scale
- Deep understanding of adversarial tradecraft as observed in DNS or network data
- Strong proficiency in Python and cloud architectures, and experience with distributed processing systems
- Experience designing technical systems independently at the principal scope
- Ability to work hours overlapping with Eastern Time
- Must be eligible to work in your region of hire without sponsorship from an employer now and/or in the future
- Direct experience with passive DNS or resolver telemetry
- Examples of hands-on work that has led to measurable outcomes
- Experience building network-based risk and/or confidence scoring mechanisms
- Familiarity with modern AI-engineering techniques and adaptive model strategies
- Background in cybersecurity, particularly nation-state APTs, major cyber groups, and threat actor automation
- Experience building explainable detection systems for customer-facing products