Abnormal AI · 17 hours ago
Embedded Detection Analyst
Abnormal AI is seeking an Embedded Detection Analyst to join their Threat Intelligence team. This role focuses on improving detection performance for strategic customers by investigating detection issues, implementing tuning solutions, and ensuring measurable improvements in detection outcomes.
Artificial Intelligence (AI) · Cyber Security · Email · Information Technology · Network Security
Responsibilities
Own detection performance outcomes for 3-5 strategic customer accounts, ensuring the AI engine maintains high efficacy aligned to each customer’s risk tolerance and priorities
Become a reliable resource for customer detection issues, handling high-priority false positive and false negative escalations, often using investigation outputs from Email Security Analysts and other Threat Intel inputs
Monitor and analyze misclassification patterns using internal detection analysis dashboards and tools
Perform incident triage and alert correlation to systematically diagnose why detections produce false positives or miss threats, using IOCs and TTPs
Design and implement detection tuning strategies based on customer-specific signals, attack patterns, threat intelligence, and behavioral characteristics, following established methodologies
Fine-tune detection thresholds and configurations to optimize precision while maintaining coverage against emerging threats, balancing detection efficacy with customer experience
Generate and present impact reports that demonstrate measurable improvement in detection outcomes to both customers and internal stakeholders, in close partnership with GTM teams
Maintain close alignment with Sales and Customer Success leads to understand customer pain points, renewal risks, and what matters most for securing deals, without taking on primary account management responsibilities
Document detection issues, investigation findings, and tuning approaches in a structured, reusable format to enable team learning and program improvement
Review audit logs and analyze system interactions using internal and external tools, including AI-based analytical tools, to identify root causes and tuning opportunities
Identify cross-customer patterns and contribute tuning methodologies to the operational playbook that can be leveraged across the program
Submit D360 CFN reports and AISM submissions to improve global detection coverage based on customer findings
Provide feedback to tooling team on analysis gaps, needed capabilities, and opportunities for automation, helping shape the roadmap for detection analysis and tuning tools
Support training of other team members by sharing investigation insights and developing repeatable methodologies, including leveraging outputs from Email Security Analysts to scale tuning impact
Leverage AI tools (ChatGPT, Claude, Claude Code, etc.) in established workflows and investigations to accelerate research, automate routine tasks, enhance documentation, and improve problem-solving efficiency
Qualification
Required
2-5 years of experience in SOC operations, detection engineering, incident response, email security analysis, or related cybersecurity role
Experience with security monitoring and detection platforms such as SIEM, EDR, email security tools, or similar technologies (experience with Abnormal Security is a plus)
Experience in email attack analysis, with ability to identify and leverage IOCs and TTPs to understand and remediate threats
Deep understanding of precision/recall metrics (true/false negatives, true/false positives) and their business impact on security operations and customer experience
Proven experience triaging security alerts, performing root cause analysis following established procedures, and tuning detection logic to reduce false positives while maintaining coverage
Ability to perform standardized data analysis procedures, effectively following established runbook methodologies and debugging analysis workflows as needed
Demonstrated proficiency with AI tools (ChatGPT, Claude, Claude Code, Copilot, or similar) to enhance productivity, automate tasks, and accelerate problem-solving in both routine workflows and ad-hoc investigations
Experience in technical writing that effectively communicates complex issues, with ability to adapt communications for audiences of varying technical expertise, particularly in customer-facing contexts
Proven ability to work directly with customers or stakeholders on technical security issues, in collaboration with Customer Success and Sales, translating findings into business value without owning account management
Demonstrated ability to remain calm and responsive during high-pressure situations, including customer escalations and active cybersecurity incidents
Outcome-oriented mindset that measures success by customer impact and detection improvement rather than activities completed
Strong ownership mentality with ability to work within established processes while identifying improvement opportunities—trusted to complete tasks on time and to specification with appropriate escalation when needed
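The precision/coverage trade-off that the responsibilities describe (fine-tuning thresholds to raise precision without losing coverage) and the precision/recall requirement above can be shown concretely. The following Python is an added illustration, not part of the posting and not Abnormal's tooling: it sweeps a flagging threshold over a small set of constructed, hypothetical (score, ground-truth) verdicts, computes the confusion matrix at each threshold, picks the threshold with the most coverage that still meets a customer's false-positive tolerance, lists the near-miss false negatives worth investigating first, and summarizes the before/after impact of a tuning change. All names, scores and the tolerance figures are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed sample for illustration only (not real customer or Abnormal data):
# (hypothetical engine attack score in [0, 1], analyst ground truth, True = malicious).
SAMPLE_VERDICTS: List[Tuple[float, bool]] = [
    (0.97, True), (0.91, True), (0.88, True), (0.83, True), (0.79, True),
    (0.74, False), (0.71, True), (0.66, False), (0.62, True), (0.58, False),
    (0.55, False), (0.49, True), (0.44, False), (0.39, False), (0.31, False),
    (0.27, True), (0.22, False), (0.15, False), (0.09, False), (0.04, False),
]


@dataclass(frozen=True)
class Confusion:
    tp: int  # malicious and flagged
    fp: int  # benign but flagged (customer sees a false-positive escalation)
    fn: int  # malicious but missed (a false-negative escalation)
    tn: int  # benign and left alone

    @property
    def precision(self) -> float:
        # Share of flagged messages that were truly malicious.
        flagged = self.tp + self.fp
        return self.tp / flagged if flagged else 0.0

    @property
    def recall(self) -> float:
        # Share of malicious messages caught; the "coverage" side of the trade-off.
        positives = self.tp + self.fn
        return self.tp / positives if positives else 0.0

    @property
    def fp_rate(self) -> float:
        # Share of benign mail wrongly flagged; what a customer feels as friction.
        negatives = self.fp + self.tn
        return self.fp / negatives if negatives else 0.0


def confusion_at(verdicts: Sequence[Tuple[float, bool]], threshold: float) -> Confusion:
    """Count TP/FP/FN/TN when every message scoring >= threshold is flagged."""
    tp = fp = fn = tn = 0
    for score, malicious in verdicts:
        flagged = score >= threshold
        if flagged and malicious:
            tp += 1
        elif flagged:
            fp += 1
        elif malicious:
            fn += 1
        else:
            tn += 1
    return Confusion(tp, fp, fn, tn)


def sweep(verdicts: Sequence[Tuple[float, bool]], thresholds: Sequence[float]) -> List[Tuple[float, Confusion]]:
    """Confusion matrix at each candidate threshold, in the order given."""
    return [(t, confusion_at(verdicts, t)) for t in thresholds]


def pick_threshold(verdicts: Sequence[Tuple[float, bool]], thresholds: Sequence[float],
                   max_fp_rate: float) -> Optional[float]:
    """Among candidates whose FP rate is within the customer's tolerance, return the
    one with the highest recall (ties keep the first candidate). None if nothing fits."""
    best: Optional[Tuple[float, Confusion]] = None
    for t, c in sweep(verdicts, thresholds):
        if c.fp_rate <= max_fp_rate and (best is None or c.recall > best[1].recall):
            best = (t, c)
    return best[0] if best else None


def misses_near_threshold(verdicts: Sequence[Tuple[float, bool]], threshold: float,
                          margin: float) -> List[float]:
    """Scores of false negatives just under the threshold: the first place to look when
    diagnosing a miss, since a small tuning change (or a signal fix) recovers them."""
    return sorted((s for s, m in verdicts if m and threshold - margin <= s < threshold), reverse=True)


def impact(verdicts: Sequence[Tuple[float, bool]], before: float, after: float) -> Dict[str, float]:
    """Before/after summary of a threshold change, the kind of numbers an impact report carries."""
    b, a = confusion_at(verdicts, before), confusion_at(verdicts, after)
    return {
        "fp_removed": b.fp - a.fp,
        "tp_lost": b.tp - a.tp,
        "precision_delta": a.precision - b.precision,
        "recall_delta": a.recall - b.recall,
    }


if __name__ == "__main__":
    candidates = [0.3, 0.5, 0.6, 0.7, 0.8]
    for t, c in sweep(SAMPLE_VERDICTS, candidates):
        print(f"t={t:.1f} tp={c.tp} fp={c.fp} fn={c.fn} tn={c.tn} "
              f"precision={c.precision:.2f} recall={c.recall:.2f} fp_rate={c.fp_rate:.2f}")
    chosen = pick_threshold(SAMPLE_VERDICTS, candidates, max_fp_rate=0.2)
    print("threshold meeting a 20% FP-rate tolerance with most coverage:", chosen)
    print("near-miss false negatives at 0.7:", misses_near_threshold(SAMPLE_VERDICTS, 0.7, 0.1))
    print("impact of moving 0.5 -> 0.6:", impact(SAMPLE_VERDICTS, 0.5, 0.6))
```

On the constructed data, moving the threshold from 0.5 to 0.6 removes two false positives at no cost in coverage, while tightening further to 0.8 halves recall; that is the shape of the conversation with a customer whose tolerance for false positives differs from their tolerance for misses.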
Preferred
Background in email security, phishing detection, anti-abuse systems, spam analysis, or email threat containment
Basic SQL knowledge with ability to write simple queries, perform data filtering, and understand data structures
Familiarity with Python, data analysis scripting, or notebook environments (e.g. Databricks, Jupyter, Splunk)
Understanding of threat intelligence, IOCs (Indicators of Compromise), and threat hunting concepts
Familiarity with the MITRE ATT&CK framework and common email attack vectors (phishing, BEC, credential harvesting, malware, account takeover)
Security certifications such as Security+, Network+, GIAC (GCIA, GCIH), CISSP, CEH, or similar
Previous experience in technical account management, customer success engineering, or customer-facing security roles
Examples of using AI tools and automation to solve security problems or accelerate learning in technical domains
Experience documenting investigation methodologies and training team members
Benefits
Bonus
Restricted stock units (RSUs)
Benefits
Company
Abnormal AI
Abnormal AI is the leading AI-native human behavior security platform.
H1B Sponsorship
Abnormal AI has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
[Chart: distribution of different job fields receiving sponsorship, with the field similar to this job highlighted]
[Chart: trends of total sponsorships; 2025: 5]
Funding
Current Stage: Late Stage
Total Funding: $534M
Key Investors: Wellington Management, CrowdStrike Falcon Fund, Insight Partners
2024-08-06Series D· $250M
2023-03-29Series Unknown
2022-05-10Series C· $210M
Company data provided by crunchbase