Filigran Seeks AI Engineers for XTM One CTEM Automation Platform

About the Role

A new career opportunity has emerged at Filigran, the cybersecurity technology firm behind the OpenCTI threat intelligence platform. Following the launch of XTM One—an AI-native agentic layer designed to automate Continuous Threat Exposure Management (CTEM) workflows—the company is reportedly expanding its engineering team. This role focuses on building and refining the AI orchestration layer that connects OpenCTI and OpenAEV, enabling security teams to move from manual tool-switching to automated, continuous exposure management. Candidates will work at the intersection of artificial intelligence, threat intelligence, and security operations, helping shape how organizations proactively manage risk.

Key Responsibilities

• Design, develop, and maintain AI agents that automate CTEM workflows across the Filigran XTM Platform, reducing manual handoffs between threat intelligence, attack scenario building, and remediation tracking.
• Integrate large language models and machine learning pipelines into the XTM One orchestration layer to enable adaptive, context-aware security automation.
• Collaborate with threat intelligence analysts to translate complex CTEM processes into scalable AI-driven playbooks.
• Optimize the performance and reliability of AI agents that ingest threat data from OpenCTI and trigger response actions within OpenAEV.
• Contribute to the open-source community surrounding OpenCTI and related projects, ensuring the AI layer remains transparent and extensible.
• Monitor emerging threats and adversarial AI techniques to continuously harden the agentic system against manipulation.
• Document architecture decisions, agent behaviors, and integration patterns for both internal teams and external contributors.

Requirements

• Proven experience in software engineering with a focus on AI/ML systems, preferably in cybersecurity or infrastructure automation.
• Strong proficiency in Python and familiarity with frameworks such as LangChain, LlamaIndex, or similar agentic AI toolkits.
• Deep understanding of threat intelligence standards (STIX, TAXII) and exposure management concepts, including attack surface mapping and vulnerability prioritization.
• Hands-on experience with containerized environments (Docker, Kubernetes) and cloud-native deployment patterns.
• Ability to work in a remote-first, asynchronous setting, with excellent communication skills for cross-functional collaboration.
• Prior contributions to open-source security projects or a track record of publishing research in related domains are highly valued.

Compensation & Benefits

• Competitive salary complemented by equity options, giving team members a stake in the company’s growth.
• Fully remote work environment with flexible hours, supporting a healthy work-life balance.
• Annual budget for professional development, including conferences, certifications, and training programs.
• Comprehensive health, dental, and vision coverage for employees and their dependents.
• Opportunity to contribute directly to widely adopted open-source tools like OpenCTI, with public recognition and community impact.

How to Apply

Interested candidates can submit their application through the Apply Now button on this page, which will redirect to the official job listing. For complete details about the role and the recruitment process, please refer to the original posting on the company’s careers portal.