Tyto Athene is searching for a Cyber Engineering Lead to lead our internal cyber AI and automation product development program. This role is multi-faceted. The successful candidate is a highly skilled and innovative Cyber Engineer with operational experience supporting Security Operations Center (SOC), Network Operations Center (NOC), and offensive cyber/penetration testing capabilities. This role is at the forefront of leveraging artificial intelligence (AI) and machine learning (ML) to make sense of massive streams of network and security data, exploit advanced AI features in existing sensors, build intelligent cyber/network automations, drastically reduce incident response times, and automate repetitive, low-value operational tasks. You will be instrumental in transforming our operations from reactive to predictive, enabling our teams to focus on strategic initiatives and complex threat hunting. The selected candidate will be a technical leader in Tyto’s new Technology Acceleration Lab for Operational Needs (TALON).

Responsibilities:

• Real-time Data Ingestion & Feature Engineering:

• Design, develop, and implement AI/ML models to process and derive insights from high-volume, real-time streaming data from diverse NOC/SOC sources (e.g., network telemetry, logs, flow data, packet captures, security alerts, endpoint data, threat intelligence feeds).

• Perform advanced feature engineering on raw network and security data to extract meaningful patterns, indicators of compromise (IOCs), and behavioral anomalies.

• Develop and integrate data ingestion pipelines from various sensors, platforms (SIEM, EDR, NDR), and network devices into the AI/ML ecosystem.

• AI-Driven Anomaly Detection & Threat Identification:

• Develop and deploy AI/ML models for anomaly detection in network traffic, user behavior, system logs, and security events.

• Engineer solutions to identify sophisticated cyber threats and network anomalies with high accuracy and low false positives.

• Leverage and integrate with existing AI/ML capabilities embedded within NOC/SOC sensors and tools to maximize their effectiveness.

• AI-Powered Cyber & Network Automation:

• Design and build intelligent automation playbooks and workflows that leverage AI/ML insights to automate incident response, network configuration changes, threat containment, and remediation actions.

• Develop predictive models to anticipate network failures, security breaches, or performance bottlenecks, enabling proactive intervention.

• Implement AIOps solutions to centralize monitoring, intelligently correlate events, and recommend or execute automated resolutions for common operational issues.

• Create Security Orchestration, Automation, and Response (SOAR) integrations that are enhanced by AI/ML decisions, optimizing triage, investigation, and response times.

• Performance Optimization & Efficiency Enhancement:

• Focus on reducing the Mean Time To Detect (MTTD) and Mean Time To Resolve (MTTR) for network incidents and cyber threats through AI/ML-driven insights and automation.

• Identify and automate repetitive, low-value tasks performed by NOC/SOC analysts, freeing them to focus on complex investigations, threat hunting, and strategic initiatives.

• Develop systems for intelligent alert prioritization, reducing alert fatigue and enabling analysts to focus on critical events.

• Model Lifecycle Management (MLOps):

• Implement robust MLOps practices for continuous integration, continuous delivery, and continuous training (CI/CD/CT) of AI/ML models in production.

• Monitor model performance, detect model drift, and ensure the ongoing accuracy and relevance of deployed models.

• Establish clear data governance and lineage for AI/ML models, ensuring explainability and auditability in critical operational environments.

• Collaboration & Domain Expertise Integration:

• Work closely with NOC engineers, SOC analysts, network architects, and cybersecurity experts to understand operational challenges, define problem statements, and integrate AI/ML solutions seamlessly into existing workflows.

• Translate complex AI/ML concepts and results into actionable insights for operational teams.

Required:

• 10 years+ experience in building and delivering solutions for the US federal government customers
• Bachelor's Degree in Engineering, Computer Science, or related field; equivalent, relevant experience will be considered
• Proficiency in PyTorch, Python, JavaScript/TypeScript
• Open-source LLMs (e.g., Llama, Gemma, Qwen) and VLMs (e.g., Phi4, Qwen-VL) using Huggingface
• Expertise in prompt engineering
• Building RAG pipelines using tools like LangChain or LlamaIndex.
• MLOps & Deployment:
• Hands-on experience with Docker, Kubernetes, Helm; model serving frameworks like vLLM or Triton
• ML Observability tools
• Vector databases like Qdrant or Milvus.
• Integration & Protocols:
• Familiarity with the Model Context Protocol (MCP), BeeAI Framework, and others for connecting AI models to external tools and data sources
• Understanding of secure, real-time data access methodologies.
• Streaming Data Processing:
• Hands-on experience with real-time streaming data processing technologies (e.g., Apache Kafka, Flink, Spark Streaming, Kinesis).
• Proficiency with cloud-native data platforms (e.g., AWS Kinesis/MSK/S3, Azure Event Hubs/Data Lake, GCP Pub/Sub/BigQuery) for data ingestion and storage.
• NOC/SOC Domain Knowledge:
• Demonstrable understanding of network operations principles, protocols, common network devices (routers, switches, firewalls), and network performance metrics.
• Strong understanding of cybersecurity concepts, attack vectors, threat intelligence, incident response lifecycle, and common security tools (SIEM, EDR, NDR, IDS/IPS, WAF, UEBA).
• Familiarity with common log formats and security frameworks.
• Automation & Orchestration Experience:
• Experience building automation scripts and integrating with APIs for network and security tools.
• Familiarity with lean engineering practices, and how to apply infrastructure platform engineering platforms and/or experience in designing automated response workflows.
• Understanding of AIOps and NetFlow principles and experience implementing solutions that integrate AI/ML with IT operations.
• Significant experience as an agile and CI/CD practitioner
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Ability to work effectively across functional groups to optimize product & service offerings.
• Understands the many aspects of United States Government/Department of Defense programs, including but not limited to program and project management, staffing, engineering, Operations and Maintenance (O&M), quality, logistics, technology, and regulations.
• Demonstrated ability to handle multiple projects simultaneously.

Desired:

• Familiarity of NIST security guidelines, such as 800-53 and 800-63, and good understanding of security fundamentals, as well as authentication with OAuth, SAML etc.
• Knowledge of Go, Rust, or C++ for edge optimization
• Experience integrating GenAI into full-stack applications
• Associate level certification with Google, Azure or AWS cloud platforms
• Experience working in the US intelligence community, Department of War, federal law enforcement of other government agencies.
• Active SECRET security clearance preferred or be able to secure DoD Security clearance.

Clearance: 

• Active SECRET security clearance preferred or be able to secure DoD Security clearance.

Compensation:

• Compensation is unique to each candidate and relative to the skills and experience they bring to the position. This does not guarantee a specific salary as compensation is based upon multiple factors such as education, experience, certifications, and other requirements, and may fall outside of the above-stated range.

Benefits:

• Highlights of our benefits include Health/Dental/Vision, 401(k) match, Paid Time Off, STD/LTD/Life Insurance, Referral Bonuses, professional development reimbursement, and parental leave.