(Security) Machine Learning Engineer

The Security Machine Learning Engineer will play a key role in transforming our Security Operations Center (SOC) from reactive to proactive by integrating advanced machine learning and data-driven approaches into our detection and response workflows.

This role bridges traditional cybersecurity operations and modern ML-driven analytics, enabling our team to automatically identify emerging threats, anomalous behaviour, and new attack patterns at scale. As a secondary focus, the role could also leverage LLMs and AI engineering to automate analyst workflows and reduce operational toil.

The engineer will sit directly within the security team, ensuring that the solutions built are operationally relevant, and aligned with our security priorities, while also working closely with the internal Machine Learning team (MSA) to leverage their expertise and best practices.

What you will do:

• ML-Driven Detection & Automation

• Design, develop, and deploy machine learning models to enhance security detection, anomaly identification, and incident response.

• Integrate ML outputs into the SOC workflow to enable smarter and faster triage.

• Continuously evaluate and tune models to reduce false positives and improve detection precision.

• Ensure model outputs are interpretable and actionable for SOC analysts. Data Engineering for Security

• Build and maintain data pipelines to collect, process, and transform security-relevant data (e.g., logs, network traffic, endpoint events) into ML-ready datasets.

• Collaborate with security engineering team to ensure scalable and secure data handling (eg. parsing, processing, storage). AI Engineering & LLM-Powered Automation

• Explore and build LLM-powered tools to automate repetitive SOC tasks (e.g., alert triage, evidence gathering, incident summarisation, report generation).

• Apply appropriate guardrails and evaluation to ensure outputs are accurate, auditable, and safe to act on in operational contexts. Research & Innovation

• Stay current on advancements in security data science, adversarial ML, and automated threat detection.

• Prototype and test new ML and AI techniques (e.g., unsupervised anomaly detection, graph-based threat correlation).

• Contribute to improving detection content through statistical analysis and clustering. Operations & Maintenance

• Deploy models into production securely and responsibly, ensuring reliability and scalability.

• Implement monitoring, alerting, and retraining mechanisms for deployed ML models.

• Document methodologies and performance metrics for auditability and knowledge sharing., + SOC analysts leverage ML-powered detections to identify threats faster.

• Reduction in alert fatigue and false positives through adaptive and data-driven models.

• Strong collaboration established between the security and MSA ML teams, sharing expertise and best practices.

• Security data becomes more accessible, structured, and usable for analytical and predictive use cases.

• New, intelligent detections, enrichment, and incident response automations become part of the SOC's standard toolkit.

Do you have experience in VPN?, + Proven experience in machine learning engineering or data science, ideally in a cybersecurity or operations context.

• Proficiency in Python, with strong knowledge of ML frameworks.

• Experience with data manipulation and analysis using Pandas, NumPy or similar tools.

• Familiarity with security data sources (e.g., SIEM logs, EDR telemetry, network flow, authentication logs).

• Solid understanding of ML lifecycle: data preparation, model training, evaluation, deployment, and monitoring.

• Experience with data pipelines and storage technologies (e.g., Airflow, Kafka, Redis, Elasticsearch, Clickhouse, etc.).

• Ability to work independently and collaborate effectively with both ML and security specialists. Preferred

• Prior experience in threat detection, SOC operations, or security automation.

• Knowledge of adversarial ML, graph analytics, or behavioral modeling in security contexts.

• Experience integrating ML models into SIEM pipelines or automated detection frameworks.

• Exposure to LLMs and AI engineering (e.g., prompt engineering, RAG, agent design), and awareness of LLM-specific risks like prompt injection and data leakage.

At Proton, we believe that privacy is a fundamental human right and the cornerstone of democracy. Since our inception in 2014, founded by a team of scientists from CERN, we have dedicated ourselves to providing free and open-source technology to millions worldwide, ensuring access to privacy, security, and freedom online. Our journey began with Proton Mail, the largest secure email service globally, and has since expanded to include Proton VPN, Proton Calendar, Proton Drive, and Proton Pass. These tools empower individuals and organizations to take control of their personal data, break away from Big Tech's invasive practices, and defeat censorship. Our work impacts hundreds of millions of lives, from activists on the front lines defending freedom to leaders in governments protecting sensitive information. In some cases, Proton's services have even been instrumental in saving lives by enabling secure and private communications in high-risk situations. Proton is a profitable company that does not rely upon VC funding, supporting over 100 million user accounts with a growing team of over 500 people from over 50 different countries, from the world's top companies and universities. We value intelligence, learning potential, and ambition in our hiring process. Adaptability is key as we navigate uncharted territories and redefine how business is conducted online. Hiring at Proton is highly selective, with less than 1% of candidates hired. We believe smaller teams of exceptional talent will always prevail over larger teams with lower talent density. You will have the opportunity work with many of the world's top minds in their fields, ranging from former international math and science olympiad winners to chess champions. We have a global mindset and big ambitions but remain a start-up at heart. We value empowerment and flexibility and keep our structure flat to keep moving fast and avoid unnecessary politics. Tired of blending into the crowd? Join us and do work you can truly be proud of. !, Even if you don't meet all the requirements listed above, but feel you could still be a great fit, please still apply. What We Offer: * Work that Matters: millions of people trust Proton with their privacy. We answer only to our users - not advertisers, not investors with conflicting agendas, not governments. The work you do here is real, and the impact is measurable. * Technology: you'll get the right hardware and the right software you need to do your best work. * Learning & Development: we invest in your growth because sharp people make us better. Proton is one of the fastest ways to accelerate your career because you'll be thrown into real challenges, with real ownership, from day one. * Employee Benefits: your wellbeing isn't an afterthought. We offer strong health coverage, solid retirement options, generous leave, and wellness support so you can bring your best self to work every day * Stock Options: at Proton, we all have the opportunity to be owners of the company. From day one, you have a real stake in what we're building. When Proton wins, you win. * In-Person Collaboration: Amazing things happen when passionate, smart, and purposeful people get together in the same room. With offices across Geneva, Zürich, Barcelona, London and more, you'll spend most of your time collaborating face-to-face with people who genuinely care about what they're building * Food: Lunch and snacks are on us every day in our offices so you can focus on the work and not on what's for lunch. * Transport: getting to the office shouldn't cost you. We cover public transport, bike allowances, or parking, whichever works for you. * Flexible Working: you own your schedule. Set hours that work for you and your team - because outcomes matter more than when the clock says you started. Our Commitment to Diversity and Inclusion At Proton, we believe diversity drives innovation and strengthens our mission to provide privacy as a default for all. We are committed to fostering an inclusive environment where all individuals, regardless of race, ethnicity, gender, age, sexual orientation, physical ability, or socio-economic background, feel valued and empowered. We strive to create equal opportunities, promote open dialogue, and support continuous learning to ensure every voice is heard and respected. If you need any extra support or reasonable adjustments during the hiring process, please let your talent partner know. Candidate Privacy Notice When you apply for a position, refer a candidate, or are considered for a role at Proton Technologies AG (Proton, we, us, or our), your information is stored in Greenhouse, in accordance with their Service Privacy Policy. This information is used to evaluate your suitability for the posted position. We also retain this information for consideration for future roles that you may apply for or that we believe may align with your background and skills. If we no longer have a legitimate business need to process your information, we will either delete or anonymize it. Should you have any inquiries about how we use or manage your information, or if you wish to access, correct, or delete your data, please contact our privacy team at careers@proton.ch. Proton does not accept unsolicited resumes from any sources other than directly from candidates. We will not pay a fee for any placement resulting from an unsolicited offer, even if the candidate is subsequently hired by Proton.