ForgeApply · Job listing
Sr. Embedded Detection Analyst
Abnormalsecurity
Apply in about a minute — without sacrificing quality.
ForgeApply autofills this application and tailors your resume to this exact posting. You review everything before it's sent. Free trial, no card required.
About this role
About the Role
Abnormal AI is looking for an Embedded Detection Analyst to join our Threat Intelligence team. The Embedded Detection Program partners directly with our highest-value customers to rapidly identify, resolve, and demonstrate measurable improvements in detection performance. This role combines the investigative mindset of a SOC analyst with the customer-focused approach of a detection engineer—you'll own end-to-end customer outcomes by understanding pain points, using our detection analysis platform to identify root causes, implementing tuning solutions, and validating improvement. The ideal candidate will bring SOC or security operations experience, strong analytical skills, hypothesis-driven investigation approaches, and the ability to work systematically with established tools and processes.
You'll work at the intersection of security operations, customer success, and detection quality, using our suite of analysis tools and AI-powered productivity enhancers to drive measurable customer value while contributing to the operational playbook that scales this program.
Scope and scale: Own detection performance outcomes for 3-5 strategic customer accounts, with responsibility for measurable detection KPIs, cross-customer tuning patterns, and contributions to the programs playbook.
As an Embedded Detection Analyst, you are a trusted technical partner for our strategic customers. You are highly motivated to understand what attackers are doing, why detections are behaving unexpectedly, and how to systematically improve customer outcomes.
• You're driven to stop email attackers and understand email security attack modes, TTPs, and threat patterns.
• You like to dive into the details of complex detection systems, understand their behavior, and analyze root causes. When detection output is unexpected, you investigate systematically until the issue is identified.
• You approach technical challenges methodically, following established playbooks while identifying opportunities for improvement and automation.
• You document your investigations clearly, maintaining comprehensive notes that can be used for future reference and team learning.
• You are a clear communicator who can explain technical detection issues to both technical and non-technical audiences, particularly customers and GTM stakeholders.
• You remain calm and responsive during high-pressure situations, including customer escalations and critical misclassifications
• You are a trusted team member—when you take on tasks, there is confidence they will be completed on time and to specification, with appropriate escalation when needed
• You primarily operate behind the scenes, partnering closely with GTM and customer-facing teams. While you may occasionally join customer discussions to explain detection findings, your core focus is investigation, tuning, and measurable detection improvement rather than ongoing account management.
You measure your success by quantified detection improvements (for example, reduction in false positives/negative,improved precision/recall) across your portfolio of accounts and the entire system, not just by closing individual investigations.
What you will do
• Own detection performance outcomes for 3-5 strategic customer accounts, ensuring the AI engine maintains high efficacy aligned to each customer’s risk tolerance and priorities.
• Become a reliable resource for customer detection issues, handling high-priority false positive and false negative escalations, often using investigation outputs from Email Security Analysts and other Threat Intel inputs.
• Monitor and analyze misclassification patterns using internal detection analysis dashboards and tools.
• Perform incident triage and alert correlation to systematically diagnose why detections produce false positives or miss threats, using IOCs and TTPs.
• Design and implement detection tuning strategies based on customer-specific signals, attack patterns, threat intelligence, and behavioral characteristics, following established methodologies.
• Fine-tune detection thresholds and configurations to optimize precision while maintaining coverage against emerging threats, balancing detection efficacy with customer experience.
• Generate and present impact reports that demonstrate measurable improvement in detection improvement to both customers, and internal stakeholders, in close partnership with GTM teams.
• Maintain close alignment with Sales and Customer Success leads to understand customer pain points, renewal risks, and what matters most for securing deals, without taking on primary account management responsibilities.
• Document detection issues, investigation findings, and tuning approaches in a structured, reusable format to enable team learning and program improvement.
• Review audit logs and analyze system interactions using internal and external tools, including AI-based analytical tools, to identify root causes, and tuning opportunities.
• Identify cross-customer patterns and contribute tuning methodologies to the operational playbook that can be leveraged across the program.
• Submit D360 CFN reports and AISM submissions to improve global detection coverage based on customer findings.
• Provide feedback to tooling team on analysis gaps, needed capabilities, and opportunities for automation, helping shape the roadmap for detection analysis and tuning tools.
• Support training of other team members by sharing investigation insights and developing repeatable methodologies, including leveraging outputs from Email Security Analysts to scale tuning impact.
• Leverage AI tools (ChatGPT, Claude, Claude Code, etc.) in established workflows and investigations to accelerate research, automate routine tasks, enhance documentation, and improve problem-solving efficiency
Must Haves
• 7+ years of experience in SOC operations, detection engineering, incident response, email security analysis, or related cybersecurity role.
Ready to apply to Abnormalsecurity?
Apply in about a minuteSimilar jobs
- Sr. Embedded Software Engineer — Archer56 · San Jose, California, United States
- Sr. Staff Embedded Software Engineer - Security — Ambiqmicroinc · Austin, Texas, United States
- Software Engineer, Detection — Doppel · New York
- Security Detection Engineer — Whoop · Boston, MA
- Sr. Embedded Engineer - End Devices — Hubblenetwork · Seattle, Washington, United States
- Senior Embedded Systems Engineer — Cyvl · Boston, Massachusetts
- Senior Embedded Software Engineer — Vardaspace · El Segundo, California, United States
- Senior Embedded Software Engineer — Nebius · Remote