AppFolio

Security Detection Engineer I

AppFolio, Atlanta, Georgia, United States, 30383

Overview

AppFolio is a community of dreamers, big thinkers, problem solvers, active listeners, and multipliers who drive innovation in real estate technology. We work as one team, guided by our values to create extraordinary outcomes for customers, communities, and ourselves.

The Security Detection Engineer I will design, develop, and optimize detections that identify and prevent account takeover (ATO) activity across AppFolio’s platform. This role builds scalable detection logic and telemetry pipelines that surface suspicious patterns—such as credential stuffing, MFA abuse, session hijacking, or automation-based fraud. The engineer will collaborate with Security Analysts, Risk, Fraud, and Engineering teams to operationalize threat intelligence, improve alert fidelity, and reduce attacker dwell time while ensuring detections evolve with emerging ATO tactics.

Responsibilities

- Design, implement, and maintain detection logic to identify account takeover (ATO) attempts across AppFolio platforms.
- Develop and tune behavioral analytics and rule-based detections in SIEM and security data platforms to improve signal fidelity.
- Leverage threat intelligence, internal telemetry, and adversary TTPs to proactively build detection coverage for evolving ATO techniques.
- Collaborate with security analysts, fraud investigators, and engineering teams to validate alerts, reduce false positives, and ensure timely detection.
- Perform detection gap assessments and participate in purple team or simulation exercises to evaluate coverage for ATO scenarios.
- Automate detection engineering workflows using scripting and data pipelines for scale and efficiency.
- Contribute to threat modeling efforts and define detection use cases aligned with MITRE ATT&CK and real-world ATO patterns.
- Document detection logic, assumptions, tuning rationale, and testing methodology in standardized playbooks and engineering wikis.

Qualifications

- Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent work experience.
- 3–5 years of experience in detection engineering, security operations, or threat detection.
- Proficient with SIEM technologies (e.g., Splunk, Elastic), query languages (SPL, SQL, Kusto), and detection-as-code practices.
- Strong understanding of ATO threat landscape including credential stuffing, MFA abuse, session hijacking, and token replay attacks.
- Experience creating and tuning detection logic to identify anomalies across authentication, identity, and web traffic telemetry.
- Familiarity with MITRE ATT&CK, OWASP, and identity-based threat modeling frameworks.
- Hands-on experience with cloud-based environments (AWS preferred) and monitoring their security logs and event sources.
- Knowledge of version control (e.g., Git), CI/CD pipelines, and detection-as-code workflows (e.g., using Terraform, Python, Jupyter, or YAML).
- Excellent collaboration and communication skills with both technical and non-technical stakeholders.
- Excellent verbal and written communications skills.

Nice to have

- Experience with identity security tools and telemetry: Okta, Duo, etc.
- Familiarity with session-based ATO detection techniques, including cookie theft, browser fingerprinting, or geolocation analysis.
- Certifications such as GCDA, GCIH, AWS Security Specialty, or OSWE.
- Prior exposure to fraud prevention, customer account protection, or abuse detection platforms.
- Experience in adversary emulation or purple teaming to test and validate detections.

Location

Find out more about our locations by visiting our site.

Compensation & Benefits

The compensation we reasonably expect to pay for this role is: $104,000-$130,000 base pay. The actual compensation will be determined by factors including skills, education, experience, and internal equity. Compensation is just one aspect of Total Rewards; benefits and discretionary bonuses may apply based on role and employment type. Regular full-time employees are eligible for benefits.

About AppFolio

AppFolio is the technology leader powering the future of the real estate industry. Our platform enables customers to connect communities, increase operational efficiency, and grow their business. For more information, visit appfolio.com.

Why AppFolio

Grow: We enable a culture of high performance with opportunities for growth and meaningful rewards.

Learn: We invest in your development with coaching, mentorship, and tools to build your skills.

Impact: We strive to create a world where managing and supporting communities feels magical and effortless.

Connect: We support hybrid work and foster collaboration and innovation. Paddle as One.

Learn more at appfolio.com/company/careers

Equal Opportunity

Statement of Equal Opportunity: AppFolio values diversity and is an Equal Opportunity Employer. We welcome applicants regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, marital status, ancestry, disability, or veteran status.