We are a team of ex-Google engineers who built the world’s largest defensive moats: Safe Browsing (5B+ users) and reCAPTCHA (5M+ sites). We’ve seen how global-scale detection works—and we know why it’s about to break.
The "traditional" detection stack—YARA rules, static signatures, and rigid heuristics—is failing. Adversaries are now using LLMs to automate polymorphism, crafting high-evasion, tailored payloads that bypass legacy systems by design.
We’re in stealth, building an Autonomous Detection Layer designed to fight AI with AI. We aren't just "bolting on" a chatbot; we are architecting a constellation of high-precision AI agents that hunt, triage, and neutralize threats in real time.
Your Role: Detection Architect & Adversarial Lead
You won't just be writing detections; you'll be building the engines that generate them.
Architect Multi-Agent Systems: Design high-precision AI agents that collaborate to identify emerging threat patterns in live data.
Live in the Signal: You’ll be deep in the telemetry, identifying where LLM-backed attackers are finding gaps and evolving your agents to close them before the next campaign hits.
Rapid Prototyping: Move from "Zero-Day discovery" to "Automated Mitigation" in hours, not months. Our orchestration layer is built for engineers who think in OODA loops.
Why This is a Tier-1 Challenge
Zero-Day Velocity: The models change weekly. The bypass techniques change daily. Your detections must be adaptive, not reactive.
The Adversary is Competent: We are fighting sophisticated actors using AI to automate social engineering, credential stuffing, and evasive malware.
No Legacy Bloat: No 20-minute CI/CD pipelines. No "Change Management" boards for a logic tweak. You own the stack.
Who You Are
Adversarial Mindset: You understand how to bypass EDR/WAFs and use that knowledge to build better ones. You think in terms of TTPs, not just IOCs.
Data-Fluent: You have 2–10 years of experience and are comfortable at the intersection of security telemetry (logs, PCAPs, behavioral traces) and ML/AI systems.
Execution-First: You value high-signal alerts and low false-positive rates. You’d rather ship a 90% solution today than a 100% solution next quarter.
The Stats
The Pedigree: Founders are 3x founders with 30+ years of combined AI/Security experience at Google (Top 1% Engineering).
The Scale: We’ve previously protected billions. We’re doing it again for a $5B+ market that is currently defenseless against AI-driven threats.
The Speed: Flat hierarchy. Direct ownership. We move at the speed of the battlefield.
AI is only as good as the signal it consumes. As a Detection Infra lead, you’ll build the "Sensors and Synapses" of our platform:
Internet-Scale Ingestion: Build pipelines to monitor billions of events and petabytes of threat data in real time.
Agent Orchestration: Design the infra that fine-tunes models on the fly using fresh adversarial data and manages GPU workloads across distributed clusters.
Feedback Loops: Implement the "Closed Loop" system where detections from the wild are instantly fed back into training sets to harden the system against the next iteration of an attack.
If you’re ready to build the tech that defines the next decade of cyber defense, let’s talk.