Embedded Detection Analyst

About The Position

Requirements

• 2-5 years of experience in SOC operations, detection engineering, incident response, email security analysis, or related cybersecurity role.
• Experience with security monitoring and detection platforms such as SIEM, EDR, email security tools, or similar technologies (experience with Abnormal Security is a plus).
• Experience in email attack analysis, with ability to identify and leverage IOCs and TTPs to understand and remediate threats.
• Deep understanding of precision/recall metrics (true/false negatives, true/false positives) and their business impact on security operations and customer experience.
• Proven experience triaging security alerts, performing root cause analysis following established procedures, and tuning detection logic to reduce false positives while maintaining coverage.
• Ability to perform standardized data analysis procedures, effectively following established runbook methodologies and debugging analysis workflows as needed
• Demonstrated proficiency with AI tools (ChatGPT, Claude, Claude Code, Copilot, or similar) to enhance productivity, automate tasks, and accelerate problem-solving in both routine workflows and ad-hoc investigations.
• Experience in technical writing that effectively communicates complex issues, with ability to adapt communications for audiences of varying technical expertise, particularly in customer-facing contexts.
• Proven ability to work directly with customers or stakeholders on technical security issues, in collaboration with Customer Success and Sales, translating findings into business value without owning management.
• Demonstrated ability to remain calm and responsive during high-pressure situations, including customer escalations and active cybersecurity incidents.
• Outcome-oriented mindset that measures success by customer impact and detection improvement rather than activities completed.
• Strong ownership mentality with ability to work within established processes while identifying improvement opportunities—trusted to complete tasks on time and to specification with appropriate escalation when needed.

Nice To Haves

• Background in email security, phishing detection, anti-abuse systems, spam analysis, or email threat containment.
• Basic SQL knowledge with ability to write simple queries, perform data filtering, and understand data structures.
• Familiarity with Python, data analysis scripting, or notebook environments (e.g. Databricks, Jupyter, Splunk)
• Understanding of threat intelligence, IOCs (Indicators of Compromise), and threat hunting concepts.
• Familiarity with the MITRE ATT&CK framework and common email attack vectors (phishing, BEC, credential harvesting, malware, account takeover)
• Security certifications such as Security+, Network+, GIAC (GCIA, GCIH), CISSP, CEH, or similar
• Previous experience in technical account management, customer success engineering, or customer-facing security roles
• Examples of using AI tools and automation to solve security problems or accelerate learning in technical domains
• Experience documenting investigation methodologies and training team members

Responsibilities

• Own detection performance outcomes for 3-5 strategic customer accounts, ensuring the AI engine maintains high efficacy aligned to each customer’s risk tolerance and priorities.
• Become a reliable resource for customer detection issues, handling high-priority false positive and false negative escalations, often using investigation outputs from Email Security Analysts and other Threat Intel inputs.
• Monitor and analyze misclassification patterns using internal detection analysis dashboards and tools.
• Perform incident triage and alert correlation to systematically diagnose why detections produce false positives or miss threats, using IOCs and TTPs.
• Design and implement detection tuning strategies based on customer-specific signals, attack patterns, threat intelligence, and behavioral characteristics, following established methodologies.
• Fine-tune detection thresholds and configurations to optimize precision while maintaining coverage against emerging threats, balancing detection efficacy with customer experience.
• Generate and present impact reports that demonstrate measurable improvement in detection improvement to both customers, and internal stakeholders, in close partnership with GTM teams.
• Maintain close alignment with Sales and Customer Success leads to understand customer pain points, renewal risks, and what matters most for securing deals, without taking on primary account management responsibilities.
• Document detection issues, investigation findings, and tuning approaches in a structured, reusable format to enable team learning and program improvement.
• Review audit logs and analyze system interactions using internal and external tools, including AI-based analytical tools, to identify root causes, and tuning opportunities.
• Identify cross-customer patterns and contribute tuning methodologies to the operational playbook that can be leveraged across the program.
• Submit D360 CFN reports and AISM submissions to improve global detection coverage based on customer findings.
• Provide feedback to tooling team on analysis gaps, needed capabilities, and opportunities for automation, helping shape the roadmap for detection analysis and tuning tools.
• Support training of other team members by sharing investigation insights and developing repeatable methodologies, including leveraging outputs from Email Security Analysts to scale tuning impact.
• Leverage AI tools (ChatGPT, Claude, Claude Code, etc.) in established workflows and investigations to accelerate research, automate routine tasks, enhance documentation, and improve problem-solving efficiency

Benefits

• certain roles are eligible for a bonus, restricted stock units (RSUs), and benefits