
Sr. Security Data Scientist
Job Description
Onwards Together!
Illumio is the leader in ransomware and breach containment, redefining how organizations contain cyberattacks and enable operational resilience. Powered by the Illumio AI Security Graph, our breach containment platform identifies and contains threats across hybrid multi-cloud environments – stopping the spread of attacks before they become disasters.
Recognized as a Leader in the Forrester Wave™ for Microsegmentation, Illumio enables Zero Trust, strengthening cyber resilience for the infrastructure, systems, and organizations that keep the world running.
Location: 4 on-site days a week in Sunnyvale, CA Headquarters.
Our Team's Vision:
At Illumio, we’re pioneering cybersecurity innovation with our Illumio Insights platform, which leverages a dynamic security graph built from network flows, workload inventories, identity data, threat data, and vulnerability data. This graph enables essential functions such as breach risk detection, network segmentation assessment, active breach identification, and intelligent policy recommendations. To accelerate our product evolution, we’re expanding our Threat Research Team with a dedicated expert who will serve as a long-term subject matter expert (SME) for the Illumio Insights product team.
We’re looking for a talented Security Data Scientist to provide ongoing guidance on threats, threat intelligence, assessment models, and risk modeling. You’ll detect threats within our data ecosystems, build robust models, and collaborate closely with product teams to shape features, designs, and strategic direction. This role bridges data science, machine learning, threat research, and product development, offering a unique opportunity to impact how global organizations defend against advanced cyber threats in a high-demand field.
Your Impact:
Threat Intelligence and Risk Modeling
Examine large-scale security datasets to identify threat patterns, attacker TTPs (Tactics, Techniques, and Procedures), and emerging risks.
Construct and iterate on threat risk models using statistical and machine learning methods to evaluate breach likelihoods and segmentation efficacy.
Utilize security graphs to model attack paths, recommend segmentation strategies to reduce the risk of lateral movement, and suggest mitigation strategies.
Detection and Analytics Engineering
Create ML models for anomaly detection, behavioral profiling, and breach identification across multi-cloud, hybrid, and on-premises setups.
Work with threat researchers and engineers to enhance datasets, test hypotheses, and develop detection algorithms based on real-world threats.
Assess and refine model performance to deliver reliable detections with low false positives.
Product Collaboration and Strategic Guidance
Team up with product managers, engineers, and designers to integrate threat insights into roadmaps, user interfaces, and analytics tools.
Advise on threat assessment frameworks, data needs, and incorporating external intelligence sources.
Deploy and monitor models in production, ensuring scalability and reliability.
Research and Thought Leadership
Investigate cutting-edge techniques for graph-based threat detection, like graph neural networks or AI-optimized policies.
Contribute to internal research, patents, and potential publications to position Illumio as an industry leader.
Track adversary trends, regulatory shifts, and innovations to influence our detection and risk strategies.
Your Toolkit:
5+ years of experience in data science, detection engineering, threat intelligence, or security analytics, ideally in dynamic environments like cloud or network security.
Proficiency in Python for data handling and modeling (e.g., Pandas, NumPy, Scikit-learn, TensorFlow/PyTorch), complemented by solid SQL skills for large dataset queries.
Hands-on experience developing and deploying ML or statistical models for security applications, such as anomaly detection or risk assessment.
Familiarity with
Threat detection principles and frameworks (e.g., MITRE ATT&CK).
Security telemetry sources (e.g., EDR, NDR, AWS or Azure flow logs, AWS GuardDuty, Azure Defender data, etc.).
Network security fundamentals, including zero-trust and segmentation concepts.
Proven ability to evaluate models, tune parameters, and manage challenges like imbalanced data in security scenarios.
Skill in communicating technical insights to diverse audiences, from engineers to product leaders.
Experience with large-scale telemetry datasets from varied sources.
Preferred Qualifications
7-10+ years in the field, with a track record in high-impact security roles.
Knowledge of graph databases and analytics (e.g., Neo4j, graph algorithms applied to security).
Experience productionizing ML models in cloud environments (e.g., AWS, GCP, Kubernetes).
Bonus Points
Background at a cybersecurity product company (e.g., in endpoint, SIEM, or network security).
Expertise in identity threats or integrating threat intel APIs.
Publications, open-source contributions, or certifications (e.g., CISSP, GIAC, advanced ML certs).
Familiarity with Bay Area cybersecurity ecosystems or prior work in tech hubs.
Who You Are
A data-driven thinker who excels in ambiguous settings and tests hypotheses rigorously.
Passionate about cybersecurity, with a pragmatic approach to balancing detection accuracy and usability.
Collaborative, influential, and results-oriented, focused on delivering tangible value to protect customers.
Committed to ethical practices in AI and eager to thrive in a vibrant, talent-rich environment.
Our Commitment
Illumio believes that an environment of unique backgrounds, experiences, viewpoints, and individual contributions creates a culture of belonging, drives our future, and makes us stronger together in support of our customers and their success.
All official job offers from our company are extended directly by our recruitment team and will be sent through an official E-Signature document for your review and signature. Please be aware that we do not ask for any personal information in the process of extending offers of employment, such as financial details or social security numbers. Upon acceptance of any offer, we will request such information as part of the onboarding process prior to or on your first day of employment, and only after completing a background check through an authorized third-party vendor. If you receive any communication asking for personal details outside of these processes, please contact us immediately to verify the authenticity of the request. Your security is important to us, and we are committed to a safe and transparent hiring experience.
For roles in San Francisco and Los Angeles: Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Illumio will consider for employment qualified applicants with arrest and conviction records.
Job Details
- Department: Security
- Category: Software
- Employment Type: Full Time
- Location: Sunnyvale, California - HQ
- Posted: May 14, 2026, 12:39 AM
- Compensation: $170,000 - $196,000 per year
About Illumio
Part of the growing frontier tech ecosystem pushing the edges of what's possible.