Sr. Security Data Scientist

Illumio · Sunnyvale, CA
full-time senior Posted 1 day ago

About this role

ONWARDS TOGETHER!

Illumio is the leader in ransomware and breach containment, redefining how organizations contain cyberattacks and enable operational resilience. Powered by the Illumio AI Security Graph, our breach containment platform identifies and contains threats across hybrid multi-cloud environments – stopping the spread of attacks before they become disasters. Recognized as a Leader in the Forrester Wave™ for Microsegmentation, Illumio enables Zero Trust, strengthening cyber resilience for the infrastructure, systems, and organizations that keep the world running.

LOCATION: 4 ON-SITE DAYS A WEEK IN SUNNYVALE, CA HEADQUARTERS.

OUR TEAM'S VISION:

At Illumio, we’re pioneering cybersecurity innovation with our Illumio Insights platform, which leverages a dynamic security graph built from network flows, workload inventories, identity data, threat data, and vulnerability data. This graph enables essential functions such as breach risk detection, network segmentation assessment, active breach identification, and intelligent policy recommendations. To accelerate our product evolution, we’re expanding our Threat Research Team with a dedicated expert who will serve as a long-term subject matter expert (SME) for the Illumio Insights product team.

We’re looking for a talented Security Data Scientist to provide ongoing guidance on threats, threat intelligence, assessment models, and risk modeling. You’ll detect threats within our data ecosystems, build robust models, and collaborate closely with product teams to shape features, designs, and strategic direction. This role bridges data science, machine learning, threat research, and product development, offering a unique opportunity to impact how global organizations defend against advanced cyber threats in a high-demand field.

YOUR IMPACT:

Threat Intelligence and Risk Modeling
- Examine large-scale security datasets to identify threat patterns, attacker TTPs (Tactics, Techniques, and Procedures), and emerging risks.
- Construct and iterate on threat risk models using statistical and machine learning methods to evaluate breach likelihoods and segmentation efficacy.
- Utilize security graphs to model attack paths, recommend segmentation strategies to reduce the risk of lateral movement, and suggest mitigation strategies.

Detection and Analytics Engineering
- Create ML models for anomaly detection, behavioral profiling, and breach identification across multi-cloud, hybrid, and on-premises setups.
- Work with threat researchers and engineers to enhance datasets, test hypotheses, and develop detection algorithms based on real-world threats.
- Assess and refine model performance to deliver reliable detections with low false positives.

Product Collaboration and Strategic Guidance
- Team up with product managers, engineers, and designers to integrate threat insights into roadmaps, user interfaces, and analytics tools.
- Advise on threat assessment frameworks, data needs, and incorporating external intelligence sources.
- Deploy and monitor models in production, ensuring scalability and reliability.

Research and Thought Leadership
- Investigate cutting-edge techniques for graph-based threat detection, like graph neural networks or AI-optimized policies.
- Contribute to internal research, patents, and potential publications to position Illumio as an industry leader.
- Track adversary trends, regulatory shifts, and innovations to influence our detection and risk strategies.

YOUR TOOLKIT:

- 5+ years of experience in data science, detection engineering, threat intelligence, or security analytics, ideally in dynamic environments like cloud or network security.
- Proficiency in Python for data handling and modeling (e.g., Pandas, NumPy, Scikit-learn, TensorFlow/PyTorch), complemented by solid SQL skills for large dataset queries.
- Hands-on experience developing and deploying ML or statistical models for security applications, such as anomaly detection or risk assessment.
- Familiarity with:
  - Threat detection principles and frameworks (e.g., MITRE ATT&CK).
  - Security telemetry sources (e.g., EDR, NDR, AWS or Azure flow logs, AWS GuardDuty, Azure Defender data, etc).
  - Network security fundamentals, including zero-trust and segmentation concepts.
- Proven ability to evaluate models, tune parameters, and manage challenges like imbalanced data in security scenarios.
- Skill in communicating technical insights to diverse audiences, from engineers to product leaders.
- Experience with large-scale telemetry datasets from varied sources.

Preferred Qualifications
- 7-10+ years in the field, with a track record in high-impact security roles.
- Knowledge of graph databases and analytics (e.g., Neo4j, graph algorithms applied to security).
- Experience productionizing ML models in cloud environments (e.g., AWS, GCP, Kubernetes).

Bonus Points
- Background at a cybersec
