Senior Embedded Detection Analyst

Job not on LinkedIn

🕒 April 23

🇺🇸 United States – Remote

⏰ Full Time

🟠 Senior

🧐 Analyst

🦅 H1B Visa Sponsor

This company has sponsored H1B visas in the past.

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

Abnormal Security

WebsiteLinkedInAll Job Openings

501 - 1000 employees

Abnormal provides total protection against the widest range of attacks including phishing, malware, ransomware, social engineering, executive impersonation, supply chain compromise, internal account compromise, spam, and graymail.

📋 Description

• Own detection performance outcomes for 3-5 strategic customer accounts, ensuring the AI engine maintains high efficacy aligned to each customer’s risk tolerance and priorities. • Become a reliable resource for customer detection issues, handling high-priority false positive and false negative escalations, often using investigation outputs from Email Security Analysts and other Threat Intel inputs. • Monitor and analyze misclassification patterns using internal detection analysis dashboards and tools. • Perform incident triage and alert correlation to systematically diagnose why detections produce false positives or miss threats, using IOCs and TTPs. • Design and implement detection tuning strategies based on customer-specific signals, attack patterns, threat intelligence, and behavioral characteristics, following established methodologies. • Fine-tune detection thresholds and configurations to optimize precision while maintaining coverage against emerging threats, balancing detection efficacy with customer experience. • Generate and present impact reports that demonstrate measurable improvement in detection improvement to both customers, and internal stakeholders, in close partnership with GTM teams. • Maintain close alignment with Sales and Customer Success leads to understand customer pain points, renewal risks, and what matters most for securing deals, without taking on primary account management responsibilities. • Document detection issues, investigation findings, and tuning approaches in a structured, reusable format to enable team learning and program improvement. • Review audit logs and analyze system interactions using internal and external tools, including AI-based analytical tools, to identify root causes, and tuning opportunities. • Identify cross-customer patterns and contribute tuning methodologies to the operational playbook that can be leveraged across the program. • Submit D360 CFN reports and AISM submissions to improve global detection coverage based on customer findings. • Provide feedback to tooling team on analysis gaps, needed capabilities, and opportunities for automation, helping shape the roadmap for detection analysis and tuning tools. • Support training of other team members by sharing investigation insights and developing repeatable methodologies, including leveraging outputs from Email Security Analysts to scale tuning impact. • Leverage AI tools (ChatGPT, Claude, Claude Code, etc.) in established workflows and investigations to accelerate research, automate routine tasks, enhance documentation, and improve problem-solving efficiency

🎯 Requirements

• 7+ years of experience in SOC operations, detection engineering, incident response, email security analysis, or related cybersecurity role. • Experience with security monitoring and detection platforms such as SIEM, EDR, email security tools, or similar technologies (experience with Abnormal Security is a plus). • Experience in email attack analysis, with ability to identify and leverage IOCs and TTPs to understand and remediate threats. • Deep understanding of precision/recall metrics (true/false negatives, true/false positives) and their business impact on security operations and customer experience. • Proven experience triaging security alerts, performing root cause analysis following established procedures, and tuning detection logic to reduce false positives while maintaining coverage. • Ability to perform standardized data analysis procedures, effectively following established runbook methodologies and debugging analysis workflows as needed. • Demonstrated proficiency with AI tools (ChatGPT, Claude, Claude Code, Copilot, or similar) to enhance productivity, automate tasks, and accelerate problem-solving in both routine workflows and ad-hoc investigations. • Experience in technical writing that effectively communicates complex issues, with ability to adapt communications for audiences of varying technical expertise, particularly in customer-facing contexts. • Proven ability to work directly with customers or stakeholders on technical security issues, in collaboration with Customer Success and Sales, translating findings into business value without owning management. • Demonstrated ability to remain calm and responsive during high-pressure situations, including customer escalations and active cybersecurity incidents. • Outcome-oriented mindset that measures success by customer impact and detection improvement rather than activities completed. • Strong ownership mentality with ability to work within established processes while identifying improvement opportunities—trusted to complete tasks on time and to specification with appropriate escalation when needed.

🏖️ Benefits

• Health insurance • Retirement plans • Paid time off • Flexible work arrangements • Professional development opportunities