[Remote] Staff ML Application Engineer

Note: The job is a remote job and is open to candidates in USA. Dragos, Inc. is on a mission to defend industrial organizations with best-in-class technology and services in ICS/OT Cybersecurity. They are seeking a Staff ML Application Engineer to integrate machine learning techniques into their product and data pipelines, working closely with AI Engineers and Data Engineers to enhance cybersecurity capabilities.

Responsibilities

• Apply clustering, classification, anomaly detection, and other established ML techniques to cybersecurity data problems in the ICS/OT domain
• Integrate ML model outputs into existing data pipelines and product workflows, supporting both batch and near-real-time processing patterns
• Understand model behavior and translate research outputs into reliable pipeline components
• Work with Data Engineers to ensure ML-driven stages of the pipeline have clear data contracts, appropriate observability, and sane failure modes
• Evaluate open-source and third-party models for fit against specific use cases, knowing when to apply an existing tool versus when to escalate to a model-building effort
• Write clean, maintainable Python or Rust that other engineers can reason about, test, and extend
• Troubleshoot ML component behavior in production to diagnose issues with output quality, data drift, or unexpected edge cases
• Communicate clearly about what a model is doing, where it's uncertain, and how its outputs should (and shouldn't) be used downstream

Skills

• 4+ years of software engineering experience, with meaningful time spent working with ML outputs or data pipelines in a production context
• Strong Python skills; SQL proficiency; comfort reading and reasoning about data at scale
• Hands-on experience applying ML techniques including clustering (k-means, DBSCAN, hierarchical), classification, and anomaly detection
• Familiarity with scikit-learn and the surrounding Python ML ecosystem; you don't need to have implemented a neural net, but you should know how to use one responsibly
• Solid understanding of data pipeline concepts: how data flows, where it gets transformed, what can go wrong, and how to make failures visible
• Ability to evaluate whether a model's outputs are actually trustworthy for a given use case — not just whether accuracy metrics look good
• Strong written and verbal communication; comfortable explaining tradeoffs to both technical and non-technical stakeholders
• Cybersecurity domain knowledge — especially around threat detection, network behavior, or ICS/OT operations is a meaningful plus, but not a prerequisite
• Experience working with graph-based representations of network topology or asset relationships
• Familiarity with stream processing or event-driven architectures
• Exposure to containerized environments (Docker, Kubernetes) as a consumer/deployer, not necessarily an operator

Benefits

• Competitive Equity Package
• Comprehensive Benefits Plan

Company Overview