Senior Embedded Detection Analyst

Stelle nicht auf LinkedIn

🕒 vor 1 Monat

🇺🇸 Vereinigte Staaten – Remote

⏰ Vollzeit

🟠 Senior

🧐 Analyst

🦅 H1B-Visum-Sponsor

Dieses Unternehmen hat in der Vergangenheit H1B-Visa gesponsert.

Jetzt Bewerben

Ähnliche Remote-Jobs finden

E-Mails für Remote-Jobs erhalten

📊 Überprüfen Sie Ihre Lebenslauf-Bewertung für diese Stelle

Verbessern Sie Ihre Chancen auf ein Vorstellungsgespräch, indem Sie Ihre Lebenslauf-Bewertung vor der Bewerbung überprüfen.

Lebenslauf hochladen

Abnormal Security

WebsiteLinkedInAlle Stellen

501 - 1000 Mitarbeiter

Abnormal bietet umfassenden Schutz vor der größten Bandbreite an Angriffen, darunter Phishing, Malware, Ransomware, Social Engineering, CEO‑Fraud, Kompromittierung der Supply Chain, Kompromittierung interner Konten, Spam und Graymail.

Beschreibung

• Own detection performance outcomes for 3-5 strategic customer accounts, ensuring the AI engine maintains high efficacy aligned to each customer’s risk tolerance and priorities. • Become a reliable resource for customer detection issues, handling high-priority false positive and false negative escalations, often using investigation outputs from Email Security Analysts and other Threat Intel inputs. • Monitor and analyze misclassification patterns using internal detection analysis dashboards and tools. • Perform incident triage and alert correlation to systematically diagnose why detections produce false positives or miss threats, using IOCs and TTPs. • Design and implement detection tuning strategies based on customer-specific signals, attack patterns, threat intelligence, and behavioral characteristics, following established methodologies. • Fine-tune detection thresholds and configurations to optimize precision while maintaining coverage against emerging threats, balancing detection efficacy with customer experience. • Generate and present impact reports that demonstrate measurable improvement in detection improvement to both customers, and internal stakeholders, in close partnership with GTM teams. • Maintain close alignment with Sales and Customer Success leads to understand customer pain points, renewal risks, and what matters most for securing deals, without taking on primary account management responsibilities. • Document detection issues, investigation findings, and tuning approaches in a structured, reusable format to enable team learning and program improvement. • Review audit logs and analyze system interactions using internal and external tools, including AI-based analytical tools, to identify root causes, and tuning opportunities. • Identify cross-customer patterns and contribute tuning methodologies to the operational playbook that can be leveraged across the program. • Submit D360 CFN reports and AISM submissions to improve global detection coverage based on customer findings. • Provide feedback to tooling team on analysis gaps, needed capabilities, and opportunities for automation, helping shape the roadmap for detection analysis and tuning tools. • Support training of other team members by sharing investigation insights and developing repeatable methodologies, including leveraging outputs from Email Security Analysts to scale tuning impact. • Leverage AI tools (ChatGPT, Claude, Claude Code, etc.) in established workflows and investigations to accelerate research, automate routine tasks, enhance documentation, and improve problem-solving efficiency

🎯 Anforderungen

• 7+ years of experience in SOC operations, detection engineering, incident response, email security analysis, or related cybersecurity role. • Experience with security monitoring and detection platforms such as SIEM, EDR, email security tools, or similar technologies (experience with Abnormal Security is a plus). • Experience in email attack analysis, with ability to identify and leverage IOCs and TTPs to understand and remediate threats. • Deep understanding of precision/recall metrics (true/false negatives, true/false positives) and their business impact on security operations and customer experience. • Proven experience triaging security alerts, performing root cause analysis following established procedures, and tuning detection logic to reduce false positives while maintaining coverage. • Ability to perform standardized data analysis procedures, effectively following established runbook methodologies and debugging analysis workflows as needed. • Demonstrated proficiency with AI tools (ChatGPT, Claude, Claude Code, Copilot, or similar) to enhance productivity, automate tasks, and accelerate problem-solving in both routine workflows and ad-hoc investigations. • Experience in technical writing that effectively communicates complex issues, with ability to adapt communications for audiences of varying technical expertise, particularly in customer-facing contexts. • Proven ability to work directly with customers or stakeholders on technical security issues, in collaboration with Customer Success and Sales, translating findings into business value without owning management. • Demonstrated ability to remain calm and responsive during high-pressure situations, including customer escalations and active cybersecurity incidents. • Outcome-oriented mindset that measures success by customer impact and detection improvement rather than activities completed. • Strong ownership mentality with ability to work within established processes while identifying improvement opportunities—trusted to complete tasks on time and to specification with appropriate escalation when needed.

🏖️ Vorteile

• Health insurance • Retirement plans • Paid time off • Flexible work arrangements • Professional development opportunities