Axiler Ltd.

Requirements

Education

Experience

The applicants should have experience in the following business area(s): Artificial Intelligence (AI) Startup, Software Company

Additional Requirements

5 or more years of experience in ML engineering or applied AI research, with production systems in your portfolio
Deep proficiency in Python and the ML ecosystem: PyTorch or equivalent, HuggingFace Transformers, scikit-learn, and standard NLP tooling
Strong theoretical grounding in probabilistic modeling, Bayesian inference, and how to build scoring systems that are calibrated rather than just ranked
Experience building NLP pipelines for classification, entity extraction, or semantic similarity at production scale
Hands-on experience with vector databases and embedding-based retrieval for long-term memory and deduplication use cases
Proven experience designing and evaluating LLM-based agentic systems, including prompt engineering, structured output generation, and failure mode analysis
Ability to define and defend evaluation frameworks for ML systems where false positives and false negatives have different, asymmetric costsStrong written communication: you can document model design decisions in a way that a security engineer, a contracted developer, and a board member can each read at their own level

AppSec Domain Knowledge:

Working knowledge of OWASP Top 10 and CWE taxonomy is required. You do not need to be a penetration tester, but you need to understand what a vulnerability finding represents and why its classification matters
Familiarity with how SAST, DAST, and SCA tools produce findings, including common schema inconsistencies and noise patterns across tool categories
Understanding of WAF rule logic and virtual patching as a remediation output is a strong advantage

Nice to Have:

Experience building ML systems in regulated industry contexts where model outputs are subject to audit

Responsibilities & Context

NLP and Vulnerability Intelligence

Own the NLP-based CWE normalization module that maps heterogeneous SAST, DAST, and SCA finding schemas to a canonical CWE taxonomy, identified as the highest-ROI AI addition in the current roadmap
Design and train text classification and entity extraction models for vulnerability description normalization across tools with inconsistent output formats
Build and maintain embedding pipelines for vulnerability fingerprinting, similarity detection, and cross-source deduplication
Develop persistent organizational vulnerability memory using vector retrieval, including suppression logic and threat-condition-triggered resurfacing

Bayesian Scoring and Prioritization

Design and own the Bayesian confidence scoring layer that combines CVSS, reachability signals, exploit availability, and business context weighting into a single actionable priority score
Define, track, and continuously improve against accuracy targets: above 92% correlation accuracy, above 85% priority rank accuracy, below 3% WAF false positive rate
Build calibration and evaluation frameworks so scoring outputs remain explainable and auditable, not black boxes
Research and incorporate threat intelligence signals and exploit likelihood indicators as scoring features

Reachability and Static Analysis Integration

Build the reachability gate that filters SAST findings through callgraph and data-flow signals, targeting 60 to 75% noise reduction without suppressing true positives
Define the integration contract between static analysis outputs and the ML pipeline, enforcing hard constraints such as SAST-only signals never triggering WAF rule generation
Collaborate with the AppSec integration layer to ensure finding schemas from different source categories are normalized correctly before entering the ML pipeline

Agentic AI Systems

Architect and build agentic workflows where LLMs perform multi-step vulnerability triage, generate fix suggestions, and cross-validate findings across SAST and DAST sources
Design the virtual patch generation pipeline: from a correlated, scored vulnerability signal to a WAF rule proposal, including confidence thresholds that gate human approval requirements
Build the autonomous remediation agent architecture using MCP server infrastructure, with human approval gates enforced at the system level rather than the prompt level
Define prompting strategies, output schemas, and evaluation harnesses for LLM-generated security content where correctness is non-negotiable
Drive the product goal of engineers completing full triage and response workflows through agentic conversational interfaces

ML Operations and Quality

Instrument the full ML pipeline with evaluation metrics, drift detection, and feedback loops from human approval decisions
Build offline evaluation datasets from historical vulnerability findings to benchmark model changes before production deployment
Define the model routing strategy across LLMs of varying capability and cost, applying frontier models where fix quality matters and lighter models for triage throughput

To apply for this job email your details to apply@chakricircular.com