
Senior Embedded Detection Analyst
Posted 2 days ago

Posted 2 days ago
This is a fully remote position, open to applicants in United States.
• Take charge of detection performance results for 3-5 key customer accounts, ensuring the AI engine operates effectively in line with each customer's risk tolerance and priorities.
• Serve as a dependable resource for customer detection challenges, managing high-priority escalations related to false positives and false negatives, often utilizing investigation outputs from Email Security Analysts and other Threat Intel sources.
• Oversee and evaluate misclassification trends using internal detection analysis dashboards and tools.
• Conduct incident triage and alert correlation to methodically diagnose reasons for false positives or missed threats, employing IOCs and TTPs.
• Develop and execute detection tuning strategies based on customer-specific signals, attack patterns, threat intelligence, and behavioral traits, adhering to established methodologies.
• Adjust detection thresholds and configurations to enhance precision while ensuring coverage against emerging threats, balancing detection effectiveness with customer experience.
• Create and deliver impact reports that showcase quantifiable improvements in detection capabilities to both customers and internal stakeholders, in close collaboration with GTM teams.
• Maintain strong alignment with Sales and Customer Success leaders to grasp customer pain points, renewal risks, and key factors for securing deals, without assuming primary account management duties.
• Record detection issues, investigation results, and tuning strategies in a structured, reusable format to facilitate team learning and program enhancement.
• Review audit logs and scrutinize system interactions using internal and external tools, including AI-driven analytical tools, to pinpoint root causes and tuning opportunities.
• Recognize cross-customer trends and contribute tuning methodologies to the operational playbook for broader program utilization.
• Submit D360 CFN reports and AISM submissions to enhance global detection coverage based on customer insights.
• Provide input to the tooling team regarding analysis gaps, required capabilities, and automation prospects, playing a role in shaping the roadmap for detection analysis and tuning tools.
• Assist in training other team members by sharing investigative insights and developing repeatable methodologies, leveraging outputs from Email Security Analysts to amplify tuning effectiveness.
• Utilize AI tools (ChatGPT, Claude, Claude Code, etc.) within established workflows and investigations to expedite research, automate routine tasks, improve documentation, and enhance problem-solving efficiency.
• Over 7 years of experience in SOC operations, detection engineering, incident response, email security analysis, or a related cybersecurity role.
• Familiarity with security monitoring and detection platforms such as SIEM, EDR, email security tools, or comparable technologies (experience with Abnormal Security is a plus).
• Proficient in email attack analysis, with the ability to identify and utilize IOCs and TTPs to comprehend and address threats.
• Comprehensive understanding of precision/recall metrics (true/false negatives, true/false positives) and their business implications for security operations and customer experience.
• Demonstrated experience in triaging security alerts, conducting root cause analysis according to established procedures, and tuning detection logic to minimize false positives while maintaining coverage.
• Capability to execute standardized data analysis procedures, effectively adhering to established runbook methodologies and debugging analysis workflows as necessary.
• Proven proficiency with AI tools (ChatGPT, Claude, Claude Code, Copilot, or similar) to boost productivity, automate tasks, and expedite problem-solving in both routine workflows and ad-hoc investigations.
• Experience in technical writing that clearly communicates complex issues, with the ability to tailor communications for audiences with varying technical expertise, especially in customer-facing scenarios.
• Established ability to engage directly with customers or stakeholders on technical security matters, in collaboration with Customer Success and Sales, translating findings into business value without assuming management responsibilities.
• Proven capability to remain composed and responsive during high-pressure situations, including customer escalations and active cybersecurity incidents.
• Outcome-focused mindset that gauges success by customer impact and detection enhancement rather than completed activities.
• Strong ownership mentality with the ability to work within established processes while identifying improvement opportunities—trusted to complete tasks on schedule and to specification, with appropriate escalation when necessary.
• Health insurance
• Professional development opportunities
CACI International Inc
Gainwell Technologies
Gordon Brothers
Deckers Brands
Get handpicked remote jobs straight to your inbox weekly.