Senior AI/ML Engineer

Job Description

Title: Senior AI/ML Engineer

Company Name: Axiler Ltd.

Vacancy: 1

Age: 26 to 32 years

Job Location: Anywhere in Bangladesh

Salary: Negotiable

Experience:

• At least 5 years
• The applicants should have experience in the following business area(s): Software Company, Artificial Intelligence (AI) Startup

• Bachelor in Engineering (BEngg)

• At least 5 years
• The applicants should have experience in the following business area(s): Software Company, Artificial Intelligence (AI) Startup

• Age 26 to 32 years

• 5 or more years of experience in ML engineering or applied AI research, with production systems in your portfolio

• Deep proficiency in Python and the ML ecosystem: PyTorch or equivalent, HuggingFace Transformers, scikit-learn, and standard NLP tooling

• Strong theoretical grounding in probabilistic modeling, Bayesian inference, and how to build scoring systems that are calibrated rather than just ranked

• Experience building NLP pipelines for classification, entity extraction, or semantic similarity at production scale

• Hands-on experience with vector databases and embedding-based retrieval for long-term memory and deduplication use cases

• Proven experience designing and evaluating LLM-based agentic systems, including prompt engineering, structured output generation, and failure mode analysis

• Ability to define and defend evaluation frameworks for ML systems where false positives and false negatives have different, asymmetric costsStrong written communication: you can document model design decisions in a way that a security engineer, a contracted developer, and a board member can each read at their own level

AppSec Domain Knowledge:

• Working knowledge of OWASP Top 10 and CWE taxonomy is required. You do not need to be a penetration tester, but you need to understand what a vulnerability finding represents and why its classification matters

• Familiarity with how SAST, DAST, and SCA tools produce findings, including common schema inconsistencies and noise patterns across tool categories

• Understanding of WAF rule logic and virtual patching as a remediation output is a strong advantage
  

Nice to Have:

• Experience building ML systems in regulated industry contexts where model outputs are subject to audit

NLP and Vulnerability Intelligence

• Own the NLP-based CWE normalization module that maps heterogeneous SAST, DAST, and SCA finding schemas to a canonical CWE taxonomy, identified as the highest-ROI AI addition in the current roadmap

• Design and train text classification and entity extraction models for vulnerability description normalization across tools with inconsistent output formats

• Build and maintain embedding pipelines for vulnerability fingerprinting, similarity detection, and cross-source deduplication

• Develop persistent organizational vulnerability memory using vector retrieval, including suppression logic and threat-condition-triggered resurfacing

Bayesian Scoring and Prioritization

• Design and own the Bayesian confidence scoring layer that combines CVSS, reachability signals, exploit availability, and business context weighting into a single actionable priority score

• Define, track, and continuously improve against accuracy targets: above 92% correlation accuracy, above 85% priority rank accuracy, below 3% WAF false positive rate

• Build calibration and evaluation frameworks so scoring outputs remain explainable and auditable, not black boxes

• Research and incorporate threat intelligence signals and exploit likelihood indicators as scoring features

Reachability and Static Analysis Integration

• Build the reachability gate that filters SAST findings through callgraph and data-flow signals, targeting 60 to 75% noise reduction without suppressing true positives

• Define the integration contract between static analysis outputs and the ML pipeline, enforcing hard constraints such as SAST-only signals never triggering WAF rule generation

• Collaborate with the AppSec integration layer to ensure finding schemas from different source categories are normalized correctly before entering the ML pipeline

Agentic AI Systems

• Architect and build agentic workflows where LLMs perform multi-step vulnerability triage, generate fix suggestions, and cross-validate findings across SAST and DAST sources

• Design the virtual patch generation pipeline: from a correlated, scored vulnerability signal to a WAF rule proposal, including confidence thresholds that gate human approval requirements

• Build the autonomous remediation agent architecture using MCP server infrastructure, with human approval gates enforced at the system level rather than the prompt level

• Define prompting strategies, output schemas, and evaluation harnesses for LLM-generated security content where correctness is non-negotiable

• Drive the product goal of engineers completing full triage and response workflows through agentic conversational interfaces

ML Operations and Quality

• Instrument the full ML pipeline with evaluation metrics, drift detection, and feedback loops from human approval decisions

• Build offline evaluation datasets from historical vulnerability findings to benchmark model changes before production deployment

• Define the model routing strategy across LLMs of varying capability and cost, applying frontier models where fix quality matters and lighter models for triage throughput

• Lunch Facilities: Full Subsidize
• Festival Bonus: 2