AppFolio
Overview
The Information Security Analyst will focus on detecting, investigating, and responding to account takeovers (ATO) and other security threats across AppFolio’s platforms. This role involves identifying early indicators of compromise, triaging anomalous behavior, and analyzing attacker patterns related to credential misuse, session hijacking, and social engineering. The analyst will collaborate closely with the security, fraud, risk, and engineering teams to investigate suspicious activity, reduce time to containment, and protect user accounts from unauthorized access. Responsibilities
Monitor security alerts and events to detect, investigate, and respond to cybersecurity incidents in real-time. Investigate suspected Account Takeover (ATO) cases by analyzing authentication logs, user behavior, device intelligence, and related signals across AppFolio’s platform. Identify, contain, and remediate fraudulent activity associated with compromised accounts to minimize customer impact. Collaborate with customer support, fraud, and engineering teams to triage reports, escalate critical threats, and support impacted users. Develop detection logic and alerting mechanisms that identify early indicators of ATO attempts using SIEM, identity platforms, and threat intelligence. Perform root cause analysis of account compromises and contribute to process improvements to prevent recurrence. Build and maintain investigation runbooks, documentation, and workflows specific to ATO detection, response, and customer notification. Analyze emerging attack trends targeting SaaS authentication flows, such as phishing, session hijacking, and token theft, to evolve defenses. Contribute to internal training and knowledge sharing around ATO patterns, prevention, and investigative techniques. Qualifications
Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent practical experience. 3-5 years of experience in incident response, fraud investigation, or security operations with a focus on user or application security. Hands-on experience with identity and access management systems (e.g., Okta, Duo, or similar). Experience investigating ATOs or credential-based threats using logs from SIEM, IAM, and behavioral analytics platforms. Familiarity with common ATO tactics (e.g., credential stuffing, phishing, session reuse) and the MITRE ATT&CK framework. Strong analytical skills with the ability to recognize subtle patterns across disparate data sources. Proficiency in log analysis and querying tools (e.g., Splunk, Snowflake) to investigate activity and develop detections. Ability to work independently and cross-functionally in a fast-paced, customer-impacting environment. Excellent verbal and written communications skills Nice to have
Experience building detections for ATO or fraud-related activity in a SaaS environment. Familiarity with fraud signals such as IP reputation, device fingerprinting, geolocation anomalies, and behavioral risk scoring. Cyber Security certifications such as GIAC GCIH, GCFA, GCFE, or AWS Security Specialty. Understanding of OAuth, SAML, and session management in web and mobile applications. Experience working with customer support, fraud, and legal teams in the context of user-impacting security events. Location
San Diego, CA Compensation & Benefits
The compensation for this role is typically in the range of $94,400 - $118,000 base pay. The actual compensation will be determined by factors such as skills, education, experience, and internal equity. Compensation is one part of a comprehensive Total Rewards package. About AppFolio
AppFolio is the technology leader powering the future of the real estate industry. For more information, visit appfolio.com.
#J-18808-Ljbffr
The Information Security Analyst will focus on detecting, investigating, and responding to account takeovers (ATO) and other security threats across AppFolio’s platforms. This role involves identifying early indicators of compromise, triaging anomalous behavior, and analyzing attacker patterns related to credential misuse, session hijacking, and social engineering. The analyst will collaborate closely with the security, fraud, risk, and engineering teams to investigate suspicious activity, reduce time to containment, and protect user accounts from unauthorized access. Responsibilities
Monitor security alerts and events to detect, investigate, and respond to cybersecurity incidents in real-time. Investigate suspected Account Takeover (ATO) cases by analyzing authentication logs, user behavior, device intelligence, and related signals across AppFolio’s platform. Identify, contain, and remediate fraudulent activity associated with compromised accounts to minimize customer impact. Collaborate with customer support, fraud, and engineering teams to triage reports, escalate critical threats, and support impacted users. Develop detection logic and alerting mechanisms that identify early indicators of ATO attempts using SIEM, identity platforms, and threat intelligence. Perform root cause analysis of account compromises and contribute to process improvements to prevent recurrence. Build and maintain investigation runbooks, documentation, and workflows specific to ATO detection, response, and customer notification. Analyze emerging attack trends targeting SaaS authentication flows, such as phishing, session hijacking, and token theft, to evolve defenses. Contribute to internal training and knowledge sharing around ATO patterns, prevention, and investigative techniques. Qualifications
Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent practical experience. 3-5 years of experience in incident response, fraud investigation, or security operations with a focus on user or application security. Hands-on experience with identity and access management systems (e.g., Okta, Duo, or similar). Experience investigating ATOs or credential-based threats using logs from SIEM, IAM, and behavioral analytics platforms. Familiarity with common ATO tactics (e.g., credential stuffing, phishing, session reuse) and the MITRE ATT&CK framework. Strong analytical skills with the ability to recognize subtle patterns across disparate data sources. Proficiency in log analysis and querying tools (e.g., Splunk, Snowflake) to investigate activity and develop detections. Ability to work independently and cross-functionally in a fast-paced, customer-impacting environment. Excellent verbal and written communications skills Nice to have
Experience building detections for ATO or fraud-related activity in a SaaS environment. Familiarity with fraud signals such as IP reputation, device fingerprinting, geolocation anomalies, and behavioral risk scoring. Cyber Security certifications such as GIAC GCIH, GCFA, GCFE, or AWS Security Specialty. Understanding of OAuth, SAML, and session management in web and mobile applications. Experience working with customer support, fraud, and legal teams in the context of user-impacting security events. Location
San Diego, CA Compensation & Benefits
The compensation for this role is typically in the range of $94,400 - $118,000 base pay. The actual compensation will be determined by factors such as skills, education, experience, and internal equity. Compensation is one part of a comprehensive Total Rewards package. About AppFolio
AppFolio is the technology leader powering the future of the real estate industry. For more information, visit appfolio.com.
#J-18808-Ljbffr