Cyber AI and Automation Lead Engineer jobs in United States

Tyto Athene, LLC · 2 months ago

Cyber AI and Automation Lead Engineer

Tyto Athene is a trusted leader in IT services and solutions, delivering mission-focused digital transformation. They are seeking a Cyber Engineering Lead to spearhead the development of their internal cyber AI and automation product, focusing on leveraging AI and machine learning to enhance security operations and incident response.

Information Technology
Work & Life Balance
No H1B
Security Clearance Required
U.S. Citizen Only

Responsibilities

Design, develop, and implement AI/ML models to process and derive insights from high-volume, real-time streaming data from diverse NOC/SOC sources (e.g., network telemetry, logs, flow data, packet captures, security alerts, endpoint data, threat intelligence feeds)
Perform advanced feature engineering on raw network and security data to extract meaningful patterns, indicators of compromise (IOCs), and behavioral anomalies
Develop and integrate data ingestion pipelines from various sensors, platforms (SIEM, EDR, NDR), and network devices into the AI/ML ecosystem
Develop and deploy AI/ML models for anomaly detection in network traffic, user behavior, system logs, and security events
Engineer solutions to identify sophisticated cyber threats and network anomalies with high accuracy and low false positives
Leverage and integrate with existing AI/ML capabilities embedded within NOC/SOC sensors and tools to maximize their effectiveness
Design and build intelligent automation playbooks and workflows that leverage AI/ML insights to automate incident response, network configuration changes, threat containment, and remediation actions
Develop predictive models to anticipate network failures, security breaches, or performance bottlenecks, enabling proactive intervention
Implement AIOps solutions to centralize monitoring, intelligently correlate events, and recommend or execute automated resolutions for common operational issues
Create Security Orchestration, Automation, and Response (SOAR) integrations that are enhanced by AI/ML decisions, optimizing triage, investigation, and response times
Focus on reducing the Mean Time To Detect (MTTD) and Mean Time To Resolve (MTTR) for network incidents and cyber threats through AI/ML-driven insights and automation
Identify and automate repetitive, low-value tasks performed by NOC/SOC analysts, freeing them to focus on complex investigations, threat hunting, and strategic initiatives
Develop systems for intelligent alert prioritization, reducing alert fatigue and enabling analysts to focus on critical events
Implement robust MLOps practices for continuous integration, continuous delivery, and continuous training (CI/CD/CT) of AI/ML models in production
Monitor model performance, detect model drift, and ensure the ongoing accuracy and relevance of deployed models
Establish clear data governance and lineage for AI/ML models, ensuring explainability and auditability in critical operational environments
Work closely with NOC engineers, SOC analysts, network architects, and cybersecurity experts to understand operational challenges, define problem statements, and integrate AI/ML solutions seamlessly into existing workflows
Translate complex AI/ML concepts and results into actionable insights for operational teams

Qualification

AI/ML model development
Cybersecurity expertise
MLOps practices
Real-time data processing
Python
Docker
Kubernetes
NOC/SOC domain knowledge
Automation scripting
Analytical skills
Agile
CI/CD experience
Communication
Interpersonal skills

Required

10+ years of experience in building and delivering solutions for US federal government customers
Bachelor's Degree in Engineering, Computer Science, or related field; equivalent, relevant experience will be considered
Proficiency in PyTorch, Python, JavaScript/TypeScript
Open-source LLMs (e.g., Llama, Gemma, Qwen) and VLMs (e.g., Phi4, Qwen-VL) using Huggingface
Expertise in prompt engineering
Building RAG pipelines using tools like LangChain or LlamaIndex
Hands-on experience with Docker, Kubernetes, Helm; model serving frameworks like vLLM or Triton
ML Observability tools
Vector databases like Qdrant or Milvus
Familiarity with the Model Context Protocol (MCP), BeeAI Framework, and others for connecting AI models to external tools and data sources
Understanding of secure, real-time data access methodologies
Hands-on experience with real-time streaming data processing technologies (e.g., Apache Kafka, Flink, Spark Streaming, Kinesis)
Proficiency with cloud-native data platforms (e.g., AWS Kinesis/MSK/S3, Azure Event Hubs/Data Lake, GCP Pub/Sub/BigQuery) for data ingestion and storage
Demonstrable understanding of network operations principles, protocols, common network devices (routers, switches, firewalls), and network performance metrics
Strong understanding of cybersecurity concepts, attack vectors, threat intelligence, incident response lifecycle, and common security tools (SIEM, EDR, NDR, IDS/IPS, WAF, UEBA)
Familiarity with common log formats and security frameworks
Experience building automation scripts and integrating with APIs for network and security tools
Familiarity with lean engineering practices, and how to apply infrastructure platform engineering platforms and/or experience in designing automated response workflows
Understanding of AIOps and NetFlow principles and experience implementing solutions that integrate AI/ML with IT operations
Significant experience as an agile and CI/CD practitioner
Strong analytical and problem-solving skills
Excellent communication and interpersonal skills
Ability to work effectively across functional groups to optimize product & service offerings
Understands the many aspects of United States Government/Department of Defense programs, including but not limited to program and project management, staffing, engineering, Operations and Maintenance (O&M), quality, logistics, technology, and regulations
Demonstrated ability to handle multiple projects simultaneously

Preferred

Familiarity with NIST security guidelines, such as 800-53 and 800-63, and a good understanding of security fundamentals, as well as authentication with OAuth, SAML, etc.
Knowledge of Go, Rust, or C++ for edge optimization
Experience integrating GenAI into full-stack applications
Associate level certification with Google, Azure or AWS cloud platforms
Experience working in the US intelligence community, Department of War, federal law enforcement, or other government agencies
Active SECRET security clearance preferred, or ability to secure a DoD security clearance

Benefits

Health/Dental/Vision
401(k) match
Paid Time Off
STD/LTD/Life Insurance
Referral Bonuses
Professional development reimbursement
Parental leave

Company

Tyto Athene, LLC

At Tyto Athene, we help turn Data to Dominance.

Funding

Current Stage
Late Stage

Leadership Team

Dennis Kelly
Chief Executive Officer
Peter O'Donoghue
Chief Technology Officer
Company data provided by crunchbase