Abnormal - Sr Embedded Detection Analyst
Upload My Resume
Drop here or click to browse · PDF, DOCX, DOC, RTF, TXT
Requirements
• 2-5 years of experience in SOC operations, detection engineering, incident response, email security analysis, or related cybersecurity role. • Experience with security monitoring and detection platforms such as SIEM, EDR, email security tools, or similar technologies (experience with Abnormal Security is a plus). • Experience in email attack analysis, with ability to identify and leverage IOCs and TTPs to understand and remediate threats. • Deep understanding of precision/recall metrics (true/false negatives, true/false positives) and their business impact on security operations and customer experience. • Proven experience triaging security alerts, performing root cause analysis following established procedures, and tuning detection logic to reduce false positives while maintaining coverage. • Ability to perform standardized data analysis procedures, effectively following established runbook methodologies and debugging analysis workflows as needed • Demonstrated proficiency with AI tools (ChatGPT, Claude, Claude Code, Copilot, or similar) to enhance productivity, automate tasks, and accelerate problem-solving in both routine workflows and ad-hoc investigations. • Experience in technical writing that effectively communicates complex issues, with ability to adapt communications for audiences of varying technical expertise, particularly in customer-facing contexts. • Proven ability to work directly with customers or stakeholders on technical security issues, in collaboration with Customer Success and Sales, translating findings into business value without owning management. • Demonstrated ability to remain calm and responsive during high-pressure situations, including customer escalations and active cybersecurity incidents. • Outcome-oriented mindset that measures success by customer impact and detection improvement rather than activities completed. • Strong ownership mentality with ability to work within established processes while identifying improvement opportunities—trusted to complete tasks on time and to specification with appropriate escalation when needed. • Background in email security, phishing detection, anti-abuse systems, spam analysis, or email threat containment. • Basic SQL knowledge with ability to write simple queries, perform data filtering, and understand data structures. • Familiarity with Python, data analysis scripting, or notebook environments (e.g. Databricks, Jupyter, Splunk) • Understanding of threat intelligence, IOCs (Indicators of Compromise), and threat hunting concepts. • Familiarity with the MITRE ATT&CK framework and common email attack vectors (phishing, BEC, credential harvesting, malware, account takeover) • Security certifications such as Security+, Network+, GIAC (GCIA, GCIH), CISSP, CEH, or similar • Previous experience in technical account management, customer success engineering, or customer-facing security roles • Examples of using AI tools and automation to solve security problems or accelerate learning in technical domains • Experience documenting investigation methodologies and training team members
Responsibilities
• Own detection performance outcomes for 3-5 strategic customer accounts, ensuring the AI engine maintains high efficacy aligned to each customer’s risk tolerance and priorities. • Become a reliable resource for customer detection issues, handling high-priority false positive and false negative escalations, often using investigation outputs from Email Security Analysts and other Threat Intel inputs. • Monitor and analyze misclassification patterns using internal detection analysis dashboards and tools. • Perform incident triage and alert correlation to systematically diagnose why detections produce false positives or miss threats, using IOCs and TTPs. • Design and implement detection tuning strategies based on customer-specific signals, attack patterns, threat intelligence, and behavioral characteristics, following established methodologies. • Fine-tune detection thresholds and configurations to optimize precision while maintaining coverage against emerging threats, balancing detection efficacy with customer experience. • Generate and present impact reports that demonstrate measurable improvement in detection improvement to both customers, and internal stakeholders, in close partnership with GTM teams. • Maintain close alignment with Sales and Customer Success leads to understand customer pain points, renewal risks, and what matters most for securing deals, without taking on primary account management responsibilities. • Document detection issues, investigation findings, and tuning approaches in a structured, reusable format to enable team learning and program improvement. • Review audit logs and analyze system interactions using internal and external tools, including AI-based analytical tools, to identify root causes, and tuning opportunities. • Identify cross-customer patterns and contribute tuning methodologies to the operational playbook that can be leveraged across the program. • Submit D360 CFN reports and AISM submissions to improve global detection coverage based on customer findings. • Provide feedback to tooling team on analysis gaps, needed capabilities, and opportunities for automation, helping shape the roadmap for detection analysis and tuning tools. • Support training of other team members by sharing investigation insights and developing repeatable methodologies, including leveraging outputs from Email Security Analysts to scale tuning impact. • Leverage AI tools (ChatGPT, Claude, Claude Code, etc.) in established workflows and investigations to accelerate research, automate routine tasks, enhance documentation, and improve problem-solving efficiency
Similar Jobs
No credit card. Takes 10 seconds.