AppFolio

Security Intrusion Analyst II - ATO

AppFolio$104K — $130K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Information Security, Computer Science, or a related field, or equivalent practical experience.
  • 3-5 years of experience in incident response, fraud investigation, or security operations focused on user or application security.
  • Hands-on experience with identity and access management systems (e.g., Okta, Duo).
  • Experience investigating Account Takeover (ATO) cases using logs from SIEM, IAM, and behavioral analytics platforms.
  • Strong analytical skills to recognize patterns across diverse data sources.

Responsibilities

  • Monitor security alerts to detect and respond to cybersecurity incidents in real-time.
  • Investigate Account Takeover cases by analyzing authentication logs and user behavior.
  • Identify, contain, and remediate fraudulent activities on compromised accounts.
  • Collaborate with customer support and engineering teams to triage critical threats.
  • Develop detection logic for early indicators of ATO attempts.
  • Perform root cause analysis of account compromises to prevent recurrence.
  • Build and maintain runbooks and documentation for ATO detection and response.

Benefits

  • Comprehensive health benefits including medical, dental, and vision.
  • 401(k) retirement plan with company matching contributions.
  • Paid time off including vacation and sick days.
  • Employee training and development opportunities.
  • Flexible work environment with remote work options.
Full Job Description
We seek a highly skilled and motivated Information Security Analyst to join our security team. This role is critical in ensuring the protection of our organization's assets, monitoring security events, and responding to cyber threats. The ideal candidate will have excellent verbal and written communication skills, deep technical knowledge, strong analytical skills, and a passion for staying ahead of emerging threats.

Your impact
  • Monitor security alerts and events to detect, investigate, and respond to cybersecurity incidents in real-time.
  • Investigate suspected Account Takeover (ATO) cases by analyzing authentication logs, user behavior, device intelligence, and related signals across AppFolio's platform.
  • Identify, contain, and remediate fraudulent activity associated with compromised accounts to minimize customer impact.
  • Collaborate closely with customer support, fraud, and engineering teams to triage reports, escalate critical threats, and support impacted users.
  • Develop detection logic and alerting mechanisms that identify early indicators of ATO attempts using SIEM, identity platforms, and threat intelligence.
  • Perform root cause analysis of account compromises and contribute to process improvements to prevent recurrence.
  • Build and maintain investigation runbooks, documentation, and workflows specific to ATO detection, response, and customer notification.
  • Analyze emerging attack trends targeting SaaS authentication flows, such as phishing, session hijacking, and token theft, to evolve defenses.
  • Contribute to internal training and knowledge sharing around ATO patterns, prevention, and investigative techniques.


Qualifications
  • Bachelor's degree in Information Security, Computer Science, or a related field, or equivalent practical experience.
  • 3-5 years of experience in incident response, fraud investigation, or security operations with a focus on user or application security.
  • Hands-on experience with identity and access management systems (e.g., Okta, Duo, or similar).
  • Experience investigating ATOs or credential-based threats using logs from SIEM, IAM, and behavioral analytics platforms.
    Familiarity with common ATO tactics (e.g., credential stuffing, phishing, session reuse) and the MITRE ATT&CK framework.
  • Strong analytical skills with the ability to recognize subtle patterns across disparate data sources.
    Proficiency in log analysis and querying tools (e.g., Splunk, Snowflake) to investigate activity and develop detections.
  • Ability to work independently and cross-functionally in a fast-paced, customer-impacting environment.
  • Excellent verbal and written communications skills


Nice to have
  • Experience building detections for ATO or fraud-related activity in a SaaS environment.
  • Familiarity with fraud signals such as IP reputation, device fingerprinting, geolocation anomalies, and behavioral risk scoring.
  • Cyber Security certifications such as GIAC GCIH, GCFA, GCFE, or AWS Security Specialty.
  • Understanding of OAuth, SAML, and session management in web and mobile applications.
  • Experience working with customer support, fraud, and legal teams in the context of user-impacting security events.


Compensation & Benefits

The base salary/hourly wage that we reasonably expect to pay for this role is: $104,000-$130,000

The actual base salary/hourly wage for this role will be determined by a variety of factors, including but not limited to: the candidate's skills, education, experience, etc.

Please note that base pay is one important aspect of a compelling Total Rewards package. The base pay range indicated here does not include any additional benefits or bonuses/commissions that you may be eligible for based on your role and/or employment type.

Regular full-time employees are eligible for benefits - see here.

#LI-KB1

About AppFolio

AppFolio provides cloud-based property management software that allows property managers and owners to market, automate, and manage tasks related to their properties. The company's software is used in a variety of industries, including real estate, legal, and accounting. AppFolio was founded in 2006 and is headquartered in Goleta, California.
Learn more about AppFolio
Size
1,600 employees
Market Cap
$3.6 billion
Industry
Net Income
$158.4 million
Founded
2006
5 Year Trend
+27.8%
Revenue
$310 million
NASDAQ

Similar Jobs

More Jobs at AppFolio

More Information Technology Jobs

Find similar Security Intrusion Analyst II - ATO jobs: