Detection Engineer - AI/ML

About the job

Join the Allianz Cyber Defense Center (ACDC) as the engineer who brings machine learning into our detection workflow. Your mission is to take ACDC beyond rule-based detection into predictive, model-driven threat identification — analyzing patterns, anomalies, and behavioral signals across CrowdStrike EDR and Google SecOps telemetry. You'll work side-by-side with detection engineers, threat hunters, and CTI to catch what static rules can't.

What you do

• Design, train, and deploy ML models for threat detection — focusing on anomaly detection, behavioral analytics, and user/entity behavior across EDR and SIEM telemetry.
• Build and maintain AI-powered detection pipelines that continuously learn and adapt as new threats emerge.
• Partner with Detection Engineers to translate model outputs into actionable, explainable detection logic that analysts can triage with confidence.
• Engineer features and curate training data from CrowdStrike Falcon and Google SecOps, ensuring quality, labeling integrity, and statistical relevance.
• Monitor and mitigate AI-specific risks: model drift, training data bias, adversarial inputs, and over-reliance on automation.
• Track and respond to the adversarial AI landscape — AI-generated phishing, evasive malware, deepfake social engineering — and embed countermeasures into our detection stack.
• Apply an MLOps mindset: version models, monitor performance in production, and continuously evaluate precision, recall, and false-positive rates against ACDC KPIs.

What you bring 

• 3+ years of hands-on experience applying machine learning to cybersecurity, fraud detection, or large-scale anomaly detection problems.
• Strong Python skills and practical experience with ML frameworks (scikit-learn, PyTorch, TensorFlow, or XGBoost) for both classical and deep learning approaches.
• Working knowledge of security telemetry — EDR (ideally CrowdStrike Falcon), SIEM (ideally Google SecOps / Chronicle), and an understanding of how detection pipelines consume model outputs.
• Solid foundation in feature engineering, model evaluation, and the statistical reality of class imbalance (which is exactly what threat detection looks like).
• Familiarity with MLOps practices: model versioning, monitoring, retraining workflows, and tools like MLflow, Vertex AI, or equivalent.
• Awareness of adversarial ML threats (model poisoning, evasion, prompt injection) and how to defend against them in operational settings.
• Clear communication in English (team working language) — you can explain a model's behavior, its limitations, and its detections to both data scientists and SOC analysts.

What we offer

• We offer a hybrid work model which recognizes the value of striking a balance between in-person collaboration and remote working incl. up to 25 days per year working from abroad.
• We believe in rewarding performance and our compensation and benefits package includes a company bonus scheme, pension, employee shares program and multiple employee discounts (details vary by location).
• From career development and digital learning programs to international career mobility, we offer lifelong learning for our employees worldwide and an environment where innovation, delivery and empowerment are fostered.
• Flexible working, health and wellbeing offers (including healthcare and parental leave benefits) support to balance family and career and help our people return from career breaks with experience that nothing else can teach.

About Allianz Technology

With its headquarters in Munich, Germany, Allianz Technology is Allianz's global IT service provider and delivers IT solutions that drive the group's digitalization. With more than 11,000 employees in over 20 countries around the world, Allianz Technology is tasked to run, optimize, transform and innovate the infrastructure, applications and services together with Allianz companies to co-create the best customer experience.

We service the entire spectrum of digitalization – from one of the industry's largest IT infrastructure projects that spans data centres, networks and security, to application platforms ranging from workplace services to digital interaction.

In short: We deliver comprehensive end-to-end IT solutions for Allianz in the digital age. We are the backbone of Allianz.

Find us at: www.linkedin.com/company/allianz-technology.

Commitment to Integrity, Fairness & Inclusion

Allianz Group is one of the most trusted insurance and asset management companies in the world. Caring for our employees, their ambitions, dreams and challenges, is what makes us a unique employer. Together we can build an environment where everyone feels empowered and has the confidence to explore, to grow and to shape a better future for our customers and the world around us.

We at Allianz believe in a strong inclusive culture that encourages people to speak their minds, get involved and question the status quo. We are proud to be an equal opportunity employer and encourage you to bring your whole self to work, no matter where you are from, what you look like, who you love, or what you believe in. We therefore welcome applications regardless of race, ethnicity or cultural background, age, gender, nationality, religion, social class, disability, sexual orientation, or any other characteristics protected under applicable local laws and regulations.

To Recruitment Agencies

Allianz Technology has an in-house recruitment team that sources great candidates directly. Therefore, Allianz Technology does not accept unsolicited resumes from agencies or search firm recruiters.

When we do work with recruitment agencies, that engagement is formalized by a contract. Fees will only be paid when there is a contract in place. Without a contract in place, we will not accept invoices on unsolicited resumes, even if the candidate was ultimately employed by Allianz.

100165 | Ingeniería informática y tecnológica | Profesional / Senior | Non-Executive | Allianz Technology | Jornada completa | Indefinido