CyberWissen

AI/ML Engineer - Extended Detection & Response (XDR) with Real-Time Anomaly Detection

8-10 Years

This job is no longer accepting applications

  • Posted 2 months ago

Job Description

Company Overview

CyberWissen is a leader in next-generation cybersecurity solutions, leveraging cutting-edge artificial intelligence and machine learning to protect enterprises from sophisticated threats. Our Extended Detection and Response (XDR) platform delivers unified visibility, automated threat detection, and accelerated response across endpoints, networks, cloud, and identity. We are seeking a talented AI/ML Engineer to pioneer real-time anomaly detection systems that redefine proactive security.

Job Description:

AI/ML Engineer - Extended Detection & Response (XDR) with Real-Time Anomaly Detection

Position: AI/ML Engineer - Cybersecurity XDR & Real-Time Anomaly Detection

Department: Data Scientist / Advanced Threat Detection

Reports To: Director of AI Security Research / Head of Cyber Analytics

Location: [Remote/Hybrid/On-site - Specify location. Vietnam/Thailand time zone working hours ONLY]

Job Summary

As an AI/ML Engineer specializing in XDR and Real-Time Anomaly Detection, you will design, develop, and deploy scalable machine learning models that detect advanced threats and anomalous behaviours across heterogeneous telemetry streams. You will work closely with cybersecurity analysts, data engineers, and platform developers to integrate AI-driven insights into our XDR product, reducing mean time to detection (MTTD) and improving automated response actions.

Key Responsibilities

Core AI/ML Architecture and Development (100%)

  • Model Design & Implementation: Research, prototype, and productionize supervised, unsupervised, and semi-supervised ML models for real-time anomaly detection (e.g., time-series analysis, graph neural networks, ensemble methods, deep learning autoencoders).
  • Feature Engineering: Develop innovative feature extraction pipelines from multi-source security data (logs, EDR telemetry, network flows, cloud audit trails, user behaviours).
  • Real-Time System Architecture: Build and optimize low-latency inference pipelines capable of processing high-volume, high-velocity data streams (using technologies like Apache Flink, Kafka, or similar).
  • Model Lifecycle Management: Own the full ML lifecycle, from training, validation, and A/B testing to deployment, monitoring for drift, and continuous retraining in production.

Cybersecurity & XDR Integration (100%)

  • Threat Intelligence Fusion: Incorporate internal and external threat intelligence (TI) feeds to enrich detection models and reduce false positives.
  • Cross-Platform Correlation: Develop algorithms to correlate weak signals across different security layers (endpoint, network, identity, cloud) to identify complex attack chains.
  • Automated Response Enablement: Work with the automation team to create ML models that not only detect but also recommend or initiate contextual response actions within the XDR platform.
  • Adversarial ML Research: Investigate and implement defences against adversarial attacks aiming to evade ML-based security systems.

Collaboration & Leadership (100%)

  • Collaborate with data engineering to define optimal data schemas and ingestion requirements.
  • Partner with product management to translate cutting-edge research into customer-facing features.
  • Document methodologies, architectures, and model performance for both technical and executive audiences.
  • Mentor junior data scientists and engineers.

Required Qualifications & Skills

Technical Expertise

  • Advanced Degree: M.S. or Ph.D. in Computer Science, Data Science, Electrical Engineering, Statistics, or a related field with a focus on Machine Learning or AI.
  • ML/Deep Learning Proficiency: 8+ years of hands-on experience building and deploying production ML systems. Expertise in frameworks like TensorFlow, PyTorch, Scikit-learn, or XGBoost.
  • Cybersecurity Domain Knowledge: Deep understanding of cybersecurity concepts: attack vectors, the MITRE ATT&CK framework, security telemetry (e.g., Sysmon, Zeek, EDR data), and the XDR/EDR/SIEM landscape.
  • Real-Time & Big Data Tech: Proven experience with stream-processing frameworks (Apache Flink, Spark Streaming, Kafka Streams) and big data platforms (Databricks, Snowflake, BigQuery).
  • Programming: Expert-level proficiency in Python. Strong experience with SQL and optionally Scala/Java/Go.
  • MLOps & Cloud: Hands-on experience with MLOps tools (MLflow, Kubeflow, TFX) and cloud platforms (Azure ML, AWS SageMaker, GCP Vertex AI).
  • Anomaly Detection Specialization: Demonstrable experience with statistical and ML-based anomaly detection techniques in time-series or graph data.

Soft Skills & Mindset

  • Security-First Mentality: Passion for cybersecurity and a keen understanding of the attacker mindset.
  • Problem-Solving: Ability to tackle ambiguous problems, decompose them, and deliver iterative solutions.
  • Collaboration: Excellent communication skills to bridge the gap between data science, engineering, and security operations.
  • Ownership & Curiosity: Self-starter who keeps pace with the latest advancements in both AI/ML and cybersecurity threats.

Preferred Qualifications

  • Publications or presentations in relevant AI/ML or security conferences (e.g., NeurIPS, ICML, KDD, BlackHat, DEF CON AI Village).
  • Experience with graph-based ML for entity behaviour analytics (EBA) or threat hunting.
  • Knowledge of containerization (Docker) and orchestration (Kubernetes).
  • Experience with developing agents or sensors for data collection at the endpoint/network level.
  • Familiarity with compliance frameworks (NIST, GDPR, ISO 27001) as they relate to automated detection.

What We Offer

  • Impact: Your work will directly protect our global customers from real-world cyber attacks.
  • Cutting-Edge Tech: Access to massive, diverse security datasets and high-performance computing resources.
  • Growth: A culture of continuous learning with opportunities for conference attendance, training, and research.
  • Competitive Compensation: Includes base salary, performance bonus, equity, and comprehensive benefits (health, dental, vision, 401k matching).
  • Flexibility: A supportive remote or hybrid work model.

Start Immediately

  • Competitive Compensation: Includes base salary, performance bonus, equity, and comprehensive benefits.
  • VISA: You must already hold a work permit in the country you are applying from. We do not provide visa support.
  • Budget: 2,000 to 2,800 US dollars monthly.
  • Immediate start: You must be able to join your 12 colleagues right after signing the contract.

Application Instructions

To apply, please submit your resume along with a cover letter explaining your interest in this role and relevant experience. Include links to your GitHub portfolio, publications, or any public projects that demonstrate your skills in AI/ML and cybersecurity.

CyberWissen is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Job ID: 139762621