Sr. Embedded Detection Analyst

Abnormal
Match Resume

About The Position

Abnormal AI is seeking an Embedded Detection Analyst to join their Threat Intelligence team. This role is part of the Embedded Detection Program, which partners directly with high-value customers to rapidly identify, resolve, and demonstrate measurable improvements in detection performance. The position combines the investigative mindset of a SOC analyst with the customer-focused approach of a detection engineer, requiring the analyst to own end-to-end customer outcomes by understanding pain points, using the detection analysis platform to identify root causes, implementing tuning solutions, and validating improvements. The ideal candidate will bring SOC or security operations experience, strong analytical skills, hypothesis-driven investigation approaches, and the ability to work systematically with established tools and processes. This role operates at the intersection of security operations, customer success, and detection quality, leveraging a suite of analysis tools and AI-powered productivity enhancers to drive measurable customer value while contributing to the operational playbook that scales this program. The scope involves owning detection performance outcomes for 3-5 strategic customer accounts, with responsibility for measurable detection KPIs, cross-customer tuning patterns, and contributions to the program's playbook. As an Embedded Detection Analyst, you will be a trusted technical partner for strategic customers, highly motivated to understand attacker actions, unexpected detection behaviors, and how to systematically improve customer outcomes. This includes a drive to stop email attackers and understand email security attack modes, TTPs, and threat patterns. You should enjoy diving into the details of complex detection systems, understanding their behavior, and analyzing root causes, investigating systematically until issues are identified. You are expected to approach technical challenges methodically, follow established playbooks while identifying opportunities for improvement and automation, and document investigations clearly for future reference and team learning. Clear communication is essential to explain technical detection issues to both technical and non-technical audiences, particularly customers and GTM stakeholders. The role requires remaining calm and responsive during high-pressure situations, including customer escalations and critical misclassifications. You will be a trusted team member, completing tasks on time and to specification with appropriate escalation. While you primarily operate behind the scenes, partnering closely with GTM and customer-facing teams, and may occasionally join customer discussions, your core focus is investigation, tuning, and measurable detection improvement rather than ongoing account management. Success is measured by quantified detection improvements (e.g., reduction in false positives/negatives, improved precision/recall) across your portfolio of accounts and the entire system, not just by closing individual investigations.

Requirements

  • 7+ years of experience in SOC operations, detection engineering, incident response, email security analysis, or related cybersecurity role.
  • Experience with security monitoring and detection platforms such as SIEM, EDR, email security tools, or similar technologies (experience with Abnormal Security is a plus).
  • Experience in email attack analysis, with ability to identify and leverage IOCs and TTPs to understand and remediate threats.
  • Deep understanding of precision/recall metrics (true/false negatives, true/false positives) and their business impact on security operations and customer experience.
  • Proven experience triaging security alerts, performing root cause analysis following established procedures, and tuning detection logic to reduce false positives while maintaining coverage.
  • Ability to perform standardized data analysis procedures, effectively following established runbook methodologies and debugging analysis workflows as needed.
  • Demonstrated proficiency with AI tools (ChatGPT, Claude, Claude Code, Copilot, or similar) to enhance productivity, automate tasks, and accelerate problem-solving in both routine workflows and ad-hoc investigations.
  • Experience in technical writing that effectively communicates complex issues, with ability to adapt communications for audiences of varying technical expertise, particularly in customer-facing contexts.
  • Proven ability to work directly with customers or stakeholders on technical security issues, in collaboration with Customer Success and Sales, translating findings into business value without owning management.
  • Demonstrated ability to remain calm and responsive during high-pressure situations, including customer escalations and active cybersecurity incidents.
  • Outcome-oriented mindset that measures success by customer impact and detection improvement rather than activities completed.
  • Strong ownership mentality with ability to work within established processes while identifying improvement opportunities—trusted to complete tasks on time and to specification with appropriate escalation when needed.

Nice To Haves

  • Background in email security, phishing detection, anti-abuse systems, spam analysis, or email threat containment.
  • Basic SQL knowledge with ability to write simple queries, perform data filtering, and understand data structures.
  • Familiarity with Python, data analysis scripting, or notebook environments (e.g. Databricks, Jupyter, Splunk).
  • Understanding of threat intelligence, IOCs (Indicators of Compromise), and threat hunting concepts.
  • Familiarity with the MITRE ATT&CK framework and common email attack vectors (phishing, BEC, credential harvesting, malware, account takeover).
  • Security certifications such as Security+, Network+, GIAC (GCIA, GCIH), CISSP, CEH, or similar.
  • Previous experience in technical account management, customer success engineering, or customer-facing security roles.
  • Examples of using AI tools and automation to solve security problems or accelerate learning in technical domains.
  • Experience documenting investigation methodologies and training team members.

Responsibilities

  • Own detection performance outcomes for 3-5 strategic customer accounts, ensuring the AI engine maintains high efficacy aligned to each customer’s risk tolerance and priorities.
  • Become a reliable resource for customer detection issues, handling high-priority false positive and false negative escalations, often using investigation outputs from Email Security Analysts and other Threat Intel inputs.
  • Monitor and analyze misclassification patterns using internal detection analysis dashboards and tools.
  • Perform incident triage and alert correlation to systematically diagnose why detections produce false positives or miss threats, using IOCs and TTPs.
  • Design and implement detection tuning strategies based on customer-specific signals, attack patterns, threat intelligence, and behavioral characteristics, following established methodologies.
  • Fine-tune detection thresholds and configurations to optimize precision while maintaining coverage against emerging threats, balancing detection efficacy with customer experience.
  • Generate and present impact reports that demonstrate measurable improvement in detection improvement to both customers, and internal stakeholders, in close partnership with GTM teams.
  • Maintain close alignment with Sales and Customer Success leads to understand customer pain points, renewal risks, and what matters most for securing deals, without taking on primary account management responsibilities.
  • Document detection issues, investigation findings, and tuning approaches in a structured, reusable format to enable team learning and program improvement.
  • Review audit logs and analyze system interactions using internal and external tools, including AI-based analytical tools, to identify root causes, and tuning opportunities.
  • Identify cross-customer patterns and contribute tuning methodologies to the operational playbook that can be leveraged across the program.
  • Submit D360 CFN reports and AISM submissions to improve global detection coverage based on customer findings.
  • Provide feedback to tooling team on analysis gaps, needed capabilities, and opportunities for automation, helping shape the roadmap for detection analysis and tuning tools.
  • Support training of other team members by sharing investigation insights and developing repeatable methodologies, including leveraging outputs from Email Security Analysts to scale tuning impact.
  • Leverage AI tools (ChatGPT, Claude, Claude Code, etc.) in established workflows and investigations to accelerate research, automate routine tasks, enhance documentation, and improve problem-solving efficiency.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

No Education Listed

Number of Employees

251-500 employees

Job Search Resources

Similar Sr. Embedded Detection Analyst job opportunities

FIU Analyst - Detection
SouthState Bank
SouthState Bank9d
FIU Analyst - Detection
South State Bank
South State Bank • Winter Haven, FL9d
Sr. Customer Integrity & Threat Detection Analyst (Starlink)
SpaceX
SpaceX • Bastrop, TX7d • Onsite
Sr Embedded Engineer
Resideo
Resideo • Golden Valley, MN5d • Hybrid
Sr Embedded Engineer
Resideo
Resideo • Golden Valley, MN6d
Fraud Detection Analyst, Senior
Blue Shield of California
Blue Shield of California • Oakland, CA12d • Hybrid
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service