Information Security Analyst

 

 

• Monitor security alerts and events to detect, investigate, and respond to cybersecurity incidents in real-time.
• Investigate suspected Account Takeover (ATO) cases by analyzing authentication logs, user behavior, device intelligence, and related signals across AppFolio’s platform.
• Identify, contain, and remediate fraudulent activity associated with compromised accounts to minimize customer impact.
• Collaborate closely with customer support, fraud, and engineering teams to triage reports, escalate critical threats, and support impacted users.
• Develop detection logic and alerting mechanisms that identify early indicators of ATO attempts using SIEM, identity platforms, and threat intelligence.
• Perform root cause analysis of account compromises and contribute to process improvements to prevent recurrence.
• Build and maintain investigation runbooks, documentation, and workflows specific to ATO detection, response, and customer notification.
• Analyze emerging attack trends targeting SaaS authentication flows, such as phishing, session hijacking, and token theft, to evolve defenses.
• Contribute to internal training and knowledge sharing around ATO patterns, prevention, and investigative techniques.

• Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent practical experience.
• 3-5 years of experience in incident response, fraud investigation, or security operations with a focus on user or application security.
• Hands-on experience with identity and access management systems (e.g., Okta, Duo, or similar).
• Experience investigating ATOs or credential-based threats using logs from SIEM, IAM, and behavioral analytics platforms.

  Want more jobs like this?

  Get jobs in Flexible / Remote delivered to your inbox every week.

  

  Email Address*Send me The Muse newsletters for the best in career advice and job search tips.Get jobs!

  By signing up, you agree to our Terms of Service & Privacy Policy.

  
  Familiarity with common ATO tactics (e.g., credential stuffing, phishing, session reuse) and the MITRE ATT&CK framework.
• Strong analytical skills with the ability to recognize subtle patterns across disparate data sources.
  Proficiency in log analysis and querying tools (e.g., Splunk, Snowflake) to investigate activity and develop detections.
• Ability to work independently and cross-functionally in a fast-paced, customer-impacting environment.
• Excellent verbal and written communications skills

 

• Experience building detections for ATO or fraud-related activity in a SaaS environment.
• Familiarity with fraud signals such as IP reputation, device fingerprinting, geolocation anomalies, and behavioral risk scoring.
• Cyber Security certifications such as GIAC GCIH, GCFA, GCFE, or AWS Security Specialty.
• Understanding of OAuth, SAML, and session management in web and mobile applications.
• Experience working with customer support, fraud, and legal teams in the context of user-impacting security events.

 

Please note that compensation is just one aspect of a comprehensive Total Rewards package. The compensation range listed here does not include additional benefits or any discretionary bonuses you may be eligible for based on your role and/or employment type.

Regular full-time employees are eligible for benefits - see here.

Client-provided location(s): Flexible / Remote

Job ID: oHWoxfwi-CxbKYfwa

Employment Type: OTHER

Posted: 2025-09-02T23:33:45