We're a fully distributed team and as required by federal law this role is open only to any US citizen based in the US.

Why Sublime

Nation states, criminal organizations, and lone wolves attempt to phish businesses, non-profits, and governments 24/7/365. When they succeed it can be extraordinarily destructive, disrupting coronavirus research, impacting a US presidential election, or damaging a country’s national defense. Email is the #1 attack vector, and last year phishing cost US businesses over $9B in direct financial losses.

Security professionals deserve superpowers that make them the heroes in this fight.

What we do

Sublime is making email security programmable.

Many companies have tried to solve phishing using black box ML. They've failed for the past 20 years. We're taking a different approach - we've created a DSL to enable security professionals, IT admins, and academic researchers to quickly develop new phishing detection rules. These new, community-built rules can be powered by arbitrary sets of ML models, 3rd party enrichment services, and custom functions. All backed by a GitHub-like system for version control that makes sharing and collaboration easy for the first time ever.

Here's an example of a moderately sophisticated phishing detection rule that is written in Sublime's Message Query Language (MQL):

// rules can detect inbound, internal, or outbound messages
type.inbound

// identify credential theft language in the body using NLU
and any(ml.nlu_classifier(body.current_thread.text).intents,
        .name == "cred_theft" and .confidence == "high"
)

// suspicious sender signals
and (
  beta.whois(sender.email.domain).days_old <= 30
  or profile.by_sender().days_known < 10
  or not profile.by_sender().solicited
)

To see more rule examples and for a deeper dive into Sublime, check out our docs or open-source rules feed.

Role

Hiring manager: @Bobby Filar

Integrating machine learning into email security should be about something other than checking a box. It demands a thoughtful approach that bolsters protections without adding unnecessary friction or opacity. The focus should be crafting seamless, explainable, customizable models that enhance an organization's defense.

At Sublime Security, our goals for applying ML in email security are:

• Make it Adaptable
• Make it Explainable
• Make it Usable

As a Machine Learning Researcher, you'll work closely with the Detection, Engineering, and Product teams to improve our detection capabilities and increase user efficiency. This role offers a dynamic startup environment where user feedback directly drives our research and development.

Ideal candidates have well-rounded exposure to deep learning, LLMs, and anomaly detection in an applied setting. Having passion for research and development with security domain knowledge is a plus.

Your immediate focus will be increasing the detection capabilities and efficacy of existing production ML models, which are critical to our product's effectiveness in mitigating email attacks:

• Natural Language Understanding (NLU): Enhance intent classification and entity recognition for improved threat identification.
• Explainable ML: Develop more transparent, explainable models for prioritizing email threats.
• Computer Vision: Advance our capabilities in detecting brand and vendor impersonation.

You will also play a key role in researching and developing future ML projects aimed at increasing organizational efficiency and user experience:

• SublimeGPT: Create an in-platform assistant for faster detection and response, embodying our commitment to rapid adaptation through AI automation.
• Active Learning: Leverage user feedback for localized model training, enabling tailored detection and granular control over email security.
• Reinforcement Learning: Innovate with intelligent, automated actions for email threat triage, furthering our goals of efficiency and adaptability.

Stack

These are some of the tools and technologies we use to do our work.

PyTorch, HuggingFace, XGBoost, Mode Analytics, Notion

Challenges

At Sublime Security, we thrive on challenges. As a Machine Learning Researcher, you will tackle some of the most stimulating problems in email security:

• High Precision in High Volume: Build ML-backed detection features capable of identifying rare, suspicious activity (1:1,000,000) with high precision and minimal latency and compute impact in highly diverse environments. Achieving this level of performance is crucial in minimizing the impact on users while effectively safeguarding against sophisticated threats.
• Minimizing False Positives: Precision is critical in our domain. You will work on refining our models to reduce false positives, ensuring that our users experience minimal disruption while maintaining high levels of protection.
• Closing Detection Gaps: Partnering with the Detection Team, you'll help identify and remedy any discrepancies in model performance, aiming for a seamless detection mechanism that leaves no stone unturned.
• Adversarial Agility: Attackers continually evolve their strategies. Developing ML models that keep pace and anticipate and neutralize emerging threats is a complex, ongoing challenge.
• Data Acquisition and Signal Strength: In the quest for robust training datasets, you'll explore innovative strategies for gathering and leveraging data, ensuring that our models are trained on high-quality, relevant inputs.
• Maintaining ML Security: The Sublime Platform's open nature introduces unique challenges in protecting the integrity of our models against adversarial manipulation. You'll contribute to strategies that safeguard our models while keeping them accessible.
• Layered Defense Strategies: There needs to be more than one-size-fits-all solution in ML for email security. You'll be part of a team that integrates multiple approaches and domains of expertise to develop comprehensive, resilient defenses against sophisticated attacks.

How we work

• Optimized for flow: We endeavor to have as few scheduled meetings as possible. Right now, we have an all-hands on Tuesdays and that's it
• Autonomy, ownership, trust: You own your work and are responsible for it end to end
• Principles-driven: We approach problems from first principles and document how we make important decisions
• Inclusive: We believe a diverse and inclusive team learns more, makes better decisions, and ultimately ships better products
• Collaborative: We work together to solve tough problems and make decisions, then implement solutions independently in a high-trust environment

Compensation

Salary range: $180-225K/yr

Competitive equity package

Benefits

• We're a fully distributed team. Work from anywhere in the US
• Top-tier health, dental, and vision for which we cover 99% of premiums
• Life insurance fully covered by us
• 16 weeks of fully paid leave for new parents
• New Mac and $5k new hire equipment budget for monitors, desk, chair, and whatever else you need to do the best work of your life
• We'll pay for the fastest internet access available at your residence
• We'll buy any work-related books you ever need
• Unlimited paid time off, with a required 15-day minimum
• $10k bonus if we hire a referral

Traction

We're currently processing tens of millions of emails per day and catching phishing attacks for everything from Fortune 500 companies to tiny non-profits. These organizations are already writing and sharing detection rules with each other on a regular basis.

Check out https://sublime.security for details on some of our users and customers.

Funding

We’ve raised a total of $33.8M from Index Ventures (investors in Datadog, Figma, Notion, Elastic, and many more), Decibel Partners (early investors in RunZero, cmd, and more), Slow Ventures (early investors in Loom, Slack, Airtable, Gusto, Robinhood, and many more), and an incredible list of former and current Founders and operators.

Team

How to apply

Email us: [email protected]

Last updated: April 11th, 2024