Sr Embedded Detection Analyst

Abnormal AI is seeking an Embedded Detection Analyst to join their Threat Intelligence team. The role involves working closely with high-value customers to improve detection performance through investigation, tuning, and validation, combining SOC analyst skills with customer-focused detection engineering.

Location: Remote

Responsibilities

• Own detection performance outcomes for 3-5 strategic customer accounts, ensuring high efficacy of AI engine.
• Handle high-priority false positive and false negative escalations using investigation outputs.
• Monitor and analyze misclassification patterns using internal dashboards and tools.
• Perform incident triage and alert correlation using IOCs and TTPs.
• Design and implement detection tuning strategies based on customer signals, attack patterns, and threat intelligence.
• Fine-tune detection thresholds and configurations to optimize precision and coverage.
• Generate and present impact reports demonstrating detection improvements.
• Maintain alignment with Sales and Customer Success to understand customer pain points and renewal risks.
• Document detection issues, investigation findings, and tuning approaches.
• Review audit logs and analyze system interactions to identify root causes and tuning opportunities.
• Identify cross-customer patterns and contribute to tuning methodologies.
• Submit detection coverage reports to improve global detection.
• Provide feedback on analysis gaps and automation opportunities.
• Support training of team members and share investigation insights.
• Leverage AI tools to accelerate research, automate tasks, and improve documentation.

Requirements

• 7+ years of experience in SOC operations, detection engineering, incident response, email security analysis, or related cybersecurity role.
• Experience with security monitoring and detection platforms such as SIEM, EDR, email security tools, or similar (experience with Abnormal Security is a plus).
• Experience in email attack analysis, with ability to identify and leverage IOCs and TTPs.
• Deep understanding of precision/recall metrics and their business impact.
• Proven experience triaging security alerts, performing root cause analysis, and tuning detection logic.
• Ability to perform data analysis following established procedures.
• Proficiency with AI tools (ChatGPT, Claude, Copilot, etc.) for productivity and automation.
• Experience in technical writing and communicating complex issues.
• Ability to work directly with customers or stakeholders on technical issues.
• Ability to remain calm during high-pressure situations.
• Outcome-oriented mindset focusing on customer impact and detection improvement.
• Strong ownership mentality and ability to work within established processes.