Principal AI Engineer

Armis, the cyber exposure management & security company, protects the entire attack surface and manages an organization’s cyber risk exposure in real time. In a rapidly evolving, perimeter-less world, Armis ensures that organizations continuously see, protect and manage all critical assets - from the ground to the cloud. Armis secures Fortune 100, 200 and 500 companies as well as national governments, state and local entities to help keep critical infrastructure, economies and society stay safe and secure 24/7.

Armis is a privately held company headquartered in California.

Location - Canada - Toronto ( REMOTE)

The Principal AI Engineer is an integral part of our Detection Labs organization providing expert knowledge in security best practices, security controls and advanced analysis to our customers. Knowledge in AI and AI Multi-Agent Systems, ML, cyber security products and tools, network principals, security standards, practices and controls as well as adversarial tactics and techniques are key components for success in this role. 

Responsibilities:

• Utilize tools and create detections (AI based or known indicators) within client environments matching tactics, techniques or procedures (TTPs) of known threat actors, malware or other unusual or suspicious behaviors.
• Assist building a pipeline to support continuous cyber hunts in support of identifying current and emerging threats on behalf of multiple clients, often operating as a lead investigator.
• Provide, as needed, investigative support of large scale and complex security incidents across multiple clients and support their SOC team through the investigation, recommendations, response, and post mortem efforts.
• Contribute to report findings that will be used by Armis Customer Success teams and help deliver reported findings and recommendations to client audiences.
• Support client and internal reporting & dashboarding customization efforts within the Armis platform, as required.
• Work with internal teams on orchestration & tool based enablement and optimization of team processes supporting overall service delivery.
• Partnering with internal Threat Research on TTPs 
• Contribute to the documentation of simple and reusable hunt tactics and techniques for the extended and shifting team delivering threat services.
• Help identify, provide design input, and prioritize product feature requests in support of Armis threat hunting capabilities both from the perspective of the internal service and over-arching consuming organizations.
• Establish & maintain client-specific cyber hunt & continuous threat hunting playbooks.
• Operate as subject matter expert (SME) point of contact for clients during business hours.

Qualifications:

• Bachelor’s Degree in Cybersecurity related field preferred
• 5+ years of Cybersecurity experience required
• 2 years experience with AI and multi agent systems
• 3+ years in Machine Learning related to cyber security required 
• 3+ years experience with Python with Git required 
• Experience applying machine learning to cybersecurity problems.
• Knowledge of TTPs involved in current APT threats and exploits involving various operating systems, applications and protocols, including working knowledge of the Cyber Kill Chain and MITRE ATT&CK Matrix.
• Experience with securing and hardening IT infrastructure.
• Experience with the threat hunting complete life cycle; developing hunt hypothesis, analyzing and processing intelligence, find trigger, investigation, response and recommendations
• Advanced knowledge of log analysis, PCAP analysis, traffic flow analysis and experience with associated infrastructure and systems to aid in the identification of malware or other malicious behavior.
• Demonstrated or advanced experience with computer networking and operating systems.
• Experience with operational security, including security operations center (SOC), incident response, evidence assessments, malware analysis, or IDS and IPS analysis.
• Knowledge of networking protocols and infrastructure designs; including routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network protocols.
• Excellent written and verbal communication skills, analytical ability, and the ability to work effectively with peers. 
• Ability to both support partner meetings and projects.

The choices you make in your career journey matter. You want to do interesting work in an important field while also having time to live your life, which is why we place so much value in your life-work balance. Armis sets you up for success with comprehensive health benefits, discretionary time off, paid holidays including monthly me days, and a highly inclusive and diverse workplace. Put your unique experiences and perspective to work in an environment where they will enable you to thrive, grow, and live your life with integrity.

Armis is proud to be an equal opportunity employer. We never discriminate based on race, ethnicity, color, ancestry, national origin, religion, sex, sexual orientation, gender identity, age, disability, veteran status, genetic information, marital status or any other legally protected (or not) status. In compliance with federal law, all persons hired will be required to submit satisfactory proof of identity and legal authorization.

Please click here to review our privacy practices.