Role overview
You will tackle one of the most critical challenges in cybersecurity: detecting threats within privileged access sessions with high accuracy and low latency. Privileged accounts are prime targets for attackers, and the ML systems you build will serve as a first line of defense against anomalous and malicious behavior across SSH, RDP, VNC, and database connections. This role focuses on a hybrid detection approach combining vision-language models (VLMs) and domain-adapted ML models. You will work in a Python-based environment processing real-time session data via WebSocket, WebRTC, and protocol-level interfaces. The role is well-suited for engineers who enjoy both research-oriented work (datasets, evaluation, model training) and applied production engineering (inference systems, integration, and optimization).
Responsibilities
- Design, curate, and maintain datasets for training and evaluating threat detection models
- Build custom ML models for domain-specific threat classification and risk assessment
- Engineer and optimize prompts for vision-language models to analyze session behavior
- Create evaluation frameworks and benchmarks to measure accuracy, robustness, and reliability
- Develop Python-based inference services within Dockerized environments
- Integrate AI/ML capabilities with WebSocket, WebRTC, and low-level system interfaces for real-time analysis
- Write clean, maintainable code and produce clear technical documentation
- Monitor, troubleshoot, and optimize models in production for performance, scalability, and reliability
Basic qualifications
- 5+ years of professional experience in machine learning research or development
- Strong proficiency in Python
- Hands-on experience with dataset collection, curation, and labeling for ML training
- Experience designing model evaluation frameworks and performance benchmarks
- Experience working with vision-language models or large language models (e.g., GPT, Claude, Gemini, Qwen)
- Familiarity with prompt engineering techniques and LLM frameworks
- Experience building and deploying ML inference systems using Docker
- Working knowledge of graph data structures and their practical applications
- Familiarity with Git-based workflows and model repositories (e.g., Hugging Face)
- Experience using cloud platforms for ML deployment and inference (AWS, GCP, and/or Azure)
- Bachelor’s or Master’s degree in Computer Science, Machine Learning, Cybersecurity, or equivalent practical experience
- U.S. Person status required due to GovCloud involvement
- Experience with security, fraud, abuse detection, or anomaly detection systems
- Familiarity with PAM, identity, or privileged access environments
- Exposure to AWS Bedrock or similar managed AI services
- Knowledge of network protocols and low-level system interfaces
Benefits
- Medical, Dental & Vision (Inclusive of domestic partnerships)
- Employer Paid Life Insurance & Employee/Spouse/Child Supplemental life
- Voluntary Short/Long Term Disability Insurance
- 401k (Roth/Traditional)
- A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc)
- Above market annual bonuses
- Data We Collect
- Contact details, CV/resume, cover letter
- Employment history, qualifications, work eligibility
- Application responses and uploaded documents
- Interview notes, assessments, communications
- Scheduling information
- Recruiter/referral information who submit your profile
- References (with your consent, before final offer)
- Public professional profiles
- Background verification (post offer)
- We may ask you to voluntarily provide diversity information including race/ethnicity, gender, disability status and veteran status (US). Providing this information is optional and Keeper collects this data in order to comply with EEOC and similar requirements
- How We Use Your Data
- Assess your application and suitability
- Manage interviews and recruitment workflow
- Consider you for other/future roles (we may seek your consent to keep your information on our systems beyond the retention period specified)
- Comply with employment law obligations
- Legal Basis
- Legitimate Interests (recruitment management, security and integrity of the hiring process)
- Contracting steps (for progressed candidates)
- Legal and regulatory compliance obligations; explicit consent where required
- Who We Share Information With
- HR, hiring managers, interviewers*, IT support for system administration
- Note - diversity and equal opportunity data is not shared with hiring managers.
- Applicant tracking, recruitment systems and assessment providers
- Background verification vendors (post offer)
- Recruitment agencies (where applicable)
- Tools to support communication, collaboration and to securely store your data
- International Transfers
- Security
- Retention
- You opt into our talent database for further retention by providing consent (extended retention)
- You're hired (transfers to employee records)
- Your Rights
- Access, correct, or delete your data, subject to applicable law and retention requirements
- Object to or restrict processing
- Withdraw consent (where applicable)
- Request data portability
- Lodge a complaint with your data protection authority
- Automated Decisions
- Contact - Candidates can send privacy questions to: privacy@keepersecurity.com
About the company
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our award-winning, zero-trust, privileged access management platform deploys in minutes and seamlessly integrates with any tech stack and identity application to provide visibility, security, control, reporting and compliance across an entire enterprise. Trusted by millions of individuals and thousands of organizations, Keeper is an innovator of best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging. Learn more at KeeperSecurity.com.