Senior Machine Learning Engineer, Cybersecurity / Threat Detection

Confirmed live in the last 24 hours

Keeper Security

Remote, US

Hybrid

Posted January 27, 2026

Job Description

Description

We are seeking a highly motivated and experienced Machine Learning Engineer to join our AI & Threat Analytics team. This is a 100% remote position with an opportunity to work a hybrid schedule for candidates based in the El Dorado Hills, CA or Chicago, IL metro area!

Keeper’s cybersecurity software is trusted by millions of people and thousands of organizations globally. Keeper is published in 23 languages and sold in over 150 countries. Join one of the fastest-growing cybersecurity companies and play a critical part in advancing Keeper’s AI-driven threat detection capabilities for our Privileged Access Management (PAM) platform.

About Keeper

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our award-winning, zero-trust, privileged access management platform deploys in minutes and seamlessly integrates with any tech stack and identity application to provide visibility, security, control, reporting and compliance across an entire enterprise. Trusted by millions of individuals and thousands of organizations, Keeper is an innovator of best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging. Learn more at KeeperSecurity.com.

About the Role

You will tackle one of the most critical challenges in cybersecurity: detecting threats within privileged access sessions with high accuracy and low latency. Privileged accounts are prime targets for attackers, and the ML systems you build will serve as a first line of defense against anomalous and malicious behavior across SSH, RDP, VNC, and database connections. This role focuses on a hybrid detection approach combining vision-language models (VLMs) and domain-adapted ML models. You will work in a Python-based environment processing real-time session data via WebSocket, WebRTC, and protocol-level interfaces. The role is well-suited for engineers who enjoy both research-oriented work (datasets, evaluation, model training) and applied production engineering (inference systems, integration, and optimization).

Responsibilities

Design, curate, and maintain datasets for training and evaluating threat detection models
Build custom ML models for domain-specific threat classification and risk assessment
Engineer and optimize prompts for vision-language models to analyze session behavior
Create evaluation frameworks and benchmarks to measure accuracy, robustness, and reliability
Develop Python-based inference services within Dockerized environments
Integrate AI/ML capabilities with WebSocket, WebRTC, and low-level system interfaces for real-time analysis
Write clean, maintainable code and produce clear technical documentation
Monitor, troubleshoot, and optimize models in production for performance, scalability, and reliability

Requirements

5+ years of professional experience in machine learning research or development
Strong proficiency in Python
Hands-on experience with dataset collection, curation, and labeling for ML training
Experience designing model evaluation frameworks and performance benchmarks
Experience working with vision-language models or large language models (e.g., GPT, Claude, Gemini, Qwen)
Familiarity with prompt engineering techniques and LLM frameworks
Experience building and deploying ML inference systems using Docker
Working knowledge of graph data structures and their practical applications
Familiarity with Git-based workflows and model repositories (e.g., Hugging Face)
Experience using cloud platforms for ML deployment and inference (AWS, GCP, and/or Azure)
Bachelor’s or Master’s degree in Computer Science, Machine Learning, Cybersecurity, or equivalent practical experience
U.S. Person status required due to GovCloud involvement