Forward Deployed Data Scientist

Empirical Security is seeking an experienced Security Data Scientist to join our innovative Forward Deployed Data Scientist (FDDS) team focused on building the next generation of cybersecurity vulnerability models.

Our unique approach leverages ground-truth telemetry to develop predictive, actionable insights that transform the way organizations identify, prioritize, and remediate vulnerabilities in cloud, appsec and traditional environments. We build models specific to individual customers, and maintain many of them side by side.

This hasn’t been done before in cybersecurity. Come change the way security teams make decisions with us. FDDS works side by side with our customers, rapidly understanding their toughest issues; architecting and building solutions that get the right data into the hands of modeling data scientists and providing insights to our design partners and customers.

Familiarity with complex cybersecurity environments and data sets is a plus here.

What You’ll Do:

• Collaborate closely with our customers, engineering, product, and security teams to operationalize vulnerability models, ensuring scalability, reliability, and alignment with customer needs.

• Lead discovery and prioritization of customer security data sources (asset inventory, vuln scanners, EDR, IAM, CMDB, cloud posture, ticketing, external attack surface, threat intel), including feasibility, value, and effort trade-offs.

• Apply exposure-management domain expertise to ensure data supports actionable use cases (attack surface reduction, vulnerability prioritization, remediation workflows, risk acceptance, SLA tracking).

• Partner with engineering to design and validate ingestion pipelines (APIs, exports, streaming/batch), ensuring reliability, observability, and secure handling of customer data.

• Perform pragmatic data analysis to diagnose data issues and quantify impact (completeness, accuracy, timeliness, consistency), and recommend remediation steps to customers and internal teams.

• Define and maintain customer-facing technical documentation: integration guides, data dictionaries, validation checklists, and runbooks for common ingestion and modeling issues.

• Collect, clean, explore, analyze, and normalize various security data sources.

• Stay current on exposure-management practices, vulnerability intelligence, attacker tradecraft, and the relevant vendor ecosystem to inform integrations and customer guidance.

What You’ll Need:

• Baseline engineering hygiene (Python/SQL comfort, APIs and data formats, Git/version control, and an appreciation for reliability/observability and secure data handling).

• Enterprise security engineering / architecture fluency (security controls, reference architectures, trade-offs, and how security capabilities integrate into real-world enterprise environments).

• Exposure and vulnerability management expertise (asset-centric thinking, prioritization workflows, remediation SLAs, exception handling, and common program maturity patterns).

• Security data integration and normalization skills (ability to evaluate customer data sources, assess data quality, define mapping/normalization, and drive onboarding priorities).

• Strong customer-facing technical communication (requirements discovery, explaining complex technical concepts clearly, running workshops, and producing crisp technical documentation).

• Working knowledge of common security telemetry and systems (e.g., vulnerability scanners, EDR, IAM, CMDB, ticketing/ITSM, cloud security, external attack surface—enough to ask the right questions and validate data fitness).

• Pragmatic analytics capability (comfortable with basic statistics, exploratory analysis, and sanity-checking model outputs; can quantify uncertainty and limitations without being a deep ML specialist).

• Technical collaboration across engineering and data science (can translate customer needs into technical requirements, partner on pipeline design, and unblock implementation details).

Don't check off every box in the requirements listed above? Please apply anyway! Studies have shown that marginalized communities - such as women, LGBTQ+ and people of color - are less likely to apply to jobs unless they meet every single qualification. Empirical Security is dedicated to building an inclusive, diverse, equitable, and accessible workplace that fosters a sense of belonging – so if you're excited about this role but your past experience doesn't align perfectly with every qualification in the job description, we encourage you to still consider submitting an application. You may be just the right candidate for this role or another one of our openings!