We seek a highly skilled and motivated Information Security Analyst to join our security team. This role is critical in ensuring the protection of our organization's assets, monitoring security events, and responding to cyber threats. The ideal candidate will have excellent verbal and written communication skills, deep technical knowledge, strong analytical skills, and a passion for staying ahead of emerging threats.
Your impact
- Monitor security alerts and events to detect, investigate, and respond to cybersecurity incidents in real-time.
- Investigate suspected Account Takeover (ATO) cases by analyzing authentication logs, user behavior, device intelligence, and related signals across AppFolio's platform.
- Identify, contain, and remediate fraudulent activity associated with compromised accounts to minimize customer impact.
- Collaborate closely with customer support, fraud, and engineering teams to triage reports, escalate critical threats, and support impacted users.
- Develop detection logic and alerting mechanisms that identify early indicators of ATO attempts using SIEM, identity platforms, and threat intelligence.
- Perform root cause analysis of account compromises and contribute to process improvements to prevent recurrence.
- Build and maintain investigation runbooks, documentation, and workflows specific to ATO detection, response, and customer notification.
- Analyze emerging attack trends targeting SaaS authentication flows, such as phishing, session hijacking, and token theft, to evolve defenses.
- Contribute to internal training and knowledge sharing around ATO patterns, prevention, and investigative techniques.
Qualifications
- Bachelor's degree in Information Security, Computer Science, or a related field, or equivalent practical experience.
- 3-5 years of experience in incident response, fraud investigation, or security operations with a focus on user or application security.
- Hands-on experience with identity and access management systems (e.g., Okta, Duo, or similar).
- Experience investigating ATOs or credential-based threats using logs from SIEM, IAM, and behavioral analytics platforms.
Familiarity with common ATO tactics (e.g., credential stuffing, phishing, session reuse) and the MITRE ATT&CK framework. - Strong analytical skills with the ability to recognize subtle patterns across disparate data sources.
Proficiency in log analysis and querying tools (e.g., Splunk, Snowflake) to investigate activity and develop detections. - Ability to work independently and cross-functionally in a fast-paced, customer-impacting environment.
- Excellent verbal and written communications skills
Nice to have
- Experience building detections for ATO or fraud-related activity in a SaaS environment.
- Familiarity with fraud signals such as IP reputation, device fingerprinting, geolocation anomalies, and behavioral risk scoring.
- Cyber Security certifications such as GIAC GCIH, GCFA, GCFE, or AWS Security Specialty.
- Understanding of OAuth, SAML, and session management in web and mobile applications.
- Experience working with customer support, fraud, and legal teams in the context of user-impacting security events.
Compensation & Benefits
The base salary/hourly wage that we reasonably expect to pay for this role is: $104,000-$130,000
The actual base salary/hourly wage for this role will be determined by a variety of factors, including but not limited to: the candidate's skills, education, experience, etc.
Please note that base pay is one important aspect of a compelling Total Rewards package. The base pay range indicated here does not include any additional benefits or bonuses/commissions that you may be eligible for based on your role and/or employment type.
Regular full-time employees are eligible for benefits - see here.
#LI-KB1