Abnormal Security

Senior Embedded Detection Analyst

full-time

Location Type: Remote

Location: United States

About the role

  • Own detection performance outcomes for 3-5 strategic customer accounts, ensuring the AI engine maintains high efficacy aligned to each customer’s risk tolerance and priorities.
  • Become a reliable resource for customer detection issues, handling high-priority false positive and false negative escalations, often using investigation outputs from Email Security Analysts and other Threat Intel inputs.
  • Monitor and analyze misclassification patterns using internal detection analysis dashboards and tools.
  • Perform incident triage and alert correlation to systematically diagnose why detections produce false positives or miss threats, using IOCs and TTPs.
  • Design and implement detection tuning strategies based on customer-specific signals, attack patterns, threat intelligence, and behavioral characteristics, following established methodologies.
  • Fine-tune detection thresholds and configurations to optimize precision while maintaining coverage against emerging threats, balancing detection efficacy with customer experience.
  • Generate and present impact reports that demonstrate measurable detection improvement to both customers and internal stakeholders, in close partnership with GTM teams.
  • Maintain close alignment with Sales and Customer Success leads to understand customer pain points, renewal risks, and what matters most for securing deals, without taking on primary account management responsibilities.
  • Document detection issues, investigation findings, and tuning approaches in a structured, reusable format to enable team learning and program improvement.
  • Review audit logs and analyze system interactions using internal and external tools, including AI-based analytical tools, to identify root causes and tuning opportunities.
  • Identify cross-customer patterns and contribute tuning methodologies to the operational playbook that can be leveraged across the program.
  • Submit D360 CFN reports and AISM submissions to improve global detection coverage based on customer findings.
  • Provide feedback to tooling team on analysis gaps, needed capabilities, and opportunities for automation, helping shape the roadmap for detection analysis and tuning tools.
  • Support training of other team members by sharing investigation insights and developing repeatable methodologies, including leveraging outputs from Email Security Analysts to scale tuning impact.

Requirements

  • 2-5 years of experience in SOC operations, detection engineering, incident response, email security analysis, or a related cybersecurity role.
  • Experience with security monitoring and detection platforms such as SIEM, EDR, email security tools, or similar technologies (experience with Abnormal Security is a plus).
  • Experience in email attack analysis, with ability to identify and leverage IOCs and TTPs to understand and remediate threats.
  • Deep understanding of precision/recall metrics (true/false negatives, true/false positives) and their business impact on security operations and customer experience.
  • Proven experience triaging security alerts, performing root cause analysis following established procedures, and tuning detection logic to reduce false positives while maintaining coverage.
  • Ability to perform standardized data analysis procedures, effectively following established runbook methodologies and debugging analysis workflows as needed.
  • Demonstrated proficiency with AI tools (ChatGPT, Claude, Claude Code, Copilot, or similar) to enhance productivity, automate tasks, and accelerate problem-solving in both routine workflows and ad-hoc investigations.
  • Experience in technical writing that effectively communicates complex issues, with ability to adapt communications for audiences of varying technical expertise, particularly in customer-facing contexts.
  • Proven ability to work directly with customers or stakeholders on technical security issues, in collaboration with Customer Success and Sales, translating findings into business value without owning account management.
  • Demonstrated ability to remain calm and responsive during high-pressure situations, including customer escalations and active cybersecurity incidents.
  • Outcome-oriented mindset that measures success by customer impact and detection improvement rather than activities completed.
  • Strong ownership mentality with ability to work within established processes while identifying improvement opportunities; trusted to complete tasks on time and to specification, with appropriate escalation when needed.

Benefits

  • Abnormal AI is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by law. For our EEO policy statement please click here. If you would like more information on your EEO rights under the law, please click here.
Applicant Tracking System Keywords

Hard Skills & Tools

  • SOC operations
  • detection engineering
  • incident response
  • email security analysis
  • security monitoring
  • detection platforms
  • email attack analysis
  • root cause analysis
  • data analysis procedures
  • technical writing

Soft Skills

  • customer communication
  • calm under pressure
  • outcome-oriented mindset
  • ownership mentality
  • collaboration
  • problem-solving
  • adaptability
  • training and mentoring
  • attention to detail
  • analytical thinking