AppFolio
Overview
Information Security San Diego, California; Dallas, Texas; Santa Barbara, California; Remote - San Francisco, CA; Remote - Denver, CO; Remote - Atlanta, GA; Remote - Chicago, IL; Remote - Washington DC, United States AppFolio is more than a company. Were a community of dreamers, big thinkers, problem solvers, active listeners, and multipliers. We set the pace while delivering innovation built to carry real estate into the future. We empower customers to take on opportunities. We show up as one team, connected by our values to be a force for good, creating extraordinary outcomes for our customers, communities, and ourselves. Your role
The Information Security Analyst will focus on detecting, investigating, and responding to account takeovers (ATO) and other security threats across AppFolios platforms. This role involves identifying early indicators of compromise, triaging anomalous behavior, and analyzing attacker patterns related to credential misuse, session hijacking, and social engineering. The analyst will collaborate closely with the security, fraud, risk, and engineering teams to investigate suspicious activity, reduce time to containment, and protect user accounts from unauthorized access. Responsibilities
Monitor security alerts and events to detect, investigate, and respond to cybersecurity incidents in real-time. Investigate suspected Account Takeover (ATO) cases by analyzing authentication logs, user behavior, device intelligence, and related signals across AppFolios platform. Identify, contain, and remediate fraudulent activity associated with compromised accounts to minimize customer impact. Collaborate closely with customer support, fraud, and engineering teams to triage reports, escalate critical threats, and support impacted users. Develop detection logic and alerting mechanisms that identify early indicators of ATO attempts using SIEM, identity platforms, and threat intelligence. Perform root cause analysis of account compromises and contribute to process improvements to prevent recurrence. Build and maintain investigation runbooks, documentation, and workflows specific to ATO detection, response, and customer notification. Analyze emerging attack trends targeting SaaS authentication flows, such as phishing, session hijacking, and token theft, to evolve defenses. Contribute to internal training and knowledge sharing around ATO patterns, prevention, and investigative techniques. Qualifications
Bachelors degree in Information Security, Computer Science, or a related field, or equivalent practical experience. 3-5 years of experience in incident response, fraud investigation, or security operations with a focus on user or application security. Hands-on experience with identity and access management systems (e.g., Okta, Duo, or similar). Experience investigating ATOs or credential-based threats using logs from SIEM, IAM, and behavioral analytics platforms. Familiarity with common ATO tactics (e.g., credential stuffing, phishing, session reuse) and the MITRE ATT&CK framework. Strong analytical skills with the ability to recognize subtle patterns across disparate data sources. Proficiency in log analysis and querying tools (e.g., Splunk, Snowflake) to investigate activity and develop detections. Ability to work independently and cross-functionally in a fast-paced, customer-impacting environment. Excellent verbal and written communications skills. Nice to have
Experience building detections for ATO or fraud-related activity in a SaaS environment. Familiarity with fraud signals such as IP reputation, device fingerprinting, geolocation anomalies, and behavioral risk scoring. Cyber Security certifications such as GIAC GCIH, GCFA, GCFE, or AWS Security Specialty. Understanding of OAuth, SAML, and session management in web and mobile applications. Experience working with customer support, fraud, and legal teams in the context of user-impacting security events. Location
Find out more about our locations by visiting our site. Compensation
The compensation that we reasonably expect to pay for this role is: $94,400 - $118,000 base pay. The actual compensation for this role will be determined by a variety of factors, including but not limited to the candidates skills, education, experience, and internal equity. Please note that compensation is just one aspect of a comprehensive Total Rewards package. The compensation range listed here does not include additional benefits or any discretionary bonuses you may be eligible for based on your role and/or employment type. Regular full-time employees are eligible for benefits - see here. About AppFolio
AppFolio is the technology leader powering the future of the real estate industry. Our innovative platform and trusted partnership enable our customers to connect communities, increase operational efficiency, and grow their business. For more information about AppFolio, visit appfolio.com. Equal Opportunity
Statement of Equal Opportunity: At AppFolio, we value diversity in backgrounds and perspectives and are an Equal Opportunity Employer. We welcome applicants regardless of race, color, religion, sex, sexual orientation, gender identification, national origin, age, marital status, ancestry, disability, or veteran status. By submitting this form, I acknowledge I have reviewed AppFolio's Privacy Policy. You have been redirected to an AppFolio job page #J-18808-Ljbffr
Information Security San Diego, California; Dallas, Texas; Santa Barbara, California; Remote - San Francisco, CA; Remote - Denver, CO; Remote - Atlanta, GA; Remote - Chicago, IL; Remote - Washington DC, United States AppFolio is more than a company. Were a community of dreamers, big thinkers, problem solvers, active listeners, and multipliers. We set the pace while delivering innovation built to carry real estate into the future. We empower customers to take on opportunities. We show up as one team, connected by our values to be a force for good, creating extraordinary outcomes for our customers, communities, and ourselves. Your role
The Information Security Analyst will focus on detecting, investigating, and responding to account takeovers (ATO) and other security threats across AppFolios platforms. This role involves identifying early indicators of compromise, triaging anomalous behavior, and analyzing attacker patterns related to credential misuse, session hijacking, and social engineering. The analyst will collaborate closely with the security, fraud, risk, and engineering teams to investigate suspicious activity, reduce time to containment, and protect user accounts from unauthorized access. Responsibilities
Monitor security alerts and events to detect, investigate, and respond to cybersecurity incidents in real-time. Investigate suspected Account Takeover (ATO) cases by analyzing authentication logs, user behavior, device intelligence, and related signals across AppFolios platform. Identify, contain, and remediate fraudulent activity associated with compromised accounts to minimize customer impact. Collaborate closely with customer support, fraud, and engineering teams to triage reports, escalate critical threats, and support impacted users. Develop detection logic and alerting mechanisms that identify early indicators of ATO attempts using SIEM, identity platforms, and threat intelligence. Perform root cause analysis of account compromises and contribute to process improvements to prevent recurrence. Build and maintain investigation runbooks, documentation, and workflows specific to ATO detection, response, and customer notification. Analyze emerging attack trends targeting SaaS authentication flows, such as phishing, session hijacking, and token theft, to evolve defenses. Contribute to internal training and knowledge sharing around ATO patterns, prevention, and investigative techniques. Qualifications
Bachelors degree in Information Security, Computer Science, or a related field, or equivalent practical experience. 3-5 years of experience in incident response, fraud investigation, or security operations with a focus on user or application security. Hands-on experience with identity and access management systems (e.g., Okta, Duo, or similar). Experience investigating ATOs or credential-based threats using logs from SIEM, IAM, and behavioral analytics platforms. Familiarity with common ATO tactics (e.g., credential stuffing, phishing, session reuse) and the MITRE ATT&CK framework. Strong analytical skills with the ability to recognize subtle patterns across disparate data sources. Proficiency in log analysis and querying tools (e.g., Splunk, Snowflake) to investigate activity and develop detections. Ability to work independently and cross-functionally in a fast-paced, customer-impacting environment. Excellent verbal and written communications skills. Nice to have
Experience building detections for ATO or fraud-related activity in a SaaS environment. Familiarity with fraud signals such as IP reputation, device fingerprinting, geolocation anomalies, and behavioral risk scoring. Cyber Security certifications such as GIAC GCIH, GCFA, GCFE, or AWS Security Specialty. Understanding of OAuth, SAML, and session management in web and mobile applications. Experience working with customer support, fraud, and legal teams in the context of user-impacting security events. Location
Find out more about our locations by visiting our site. Compensation
The compensation that we reasonably expect to pay for this role is: $94,400 - $118,000 base pay. The actual compensation for this role will be determined by a variety of factors, including but not limited to the candidates skills, education, experience, and internal equity. Please note that compensation is just one aspect of a comprehensive Total Rewards package. The compensation range listed here does not include additional benefits or any discretionary bonuses you may be eligible for based on your role and/or employment type. Regular full-time employees are eligible for benefits - see here. About AppFolio
AppFolio is the technology leader powering the future of the real estate industry. Our innovative platform and trusted partnership enable our customers to connect communities, increase operational efficiency, and grow their business. For more information about AppFolio, visit appfolio.com. Equal Opportunity
Statement of Equal Opportunity: At AppFolio, we value diversity in backgrounds and perspectives and are an Equal Opportunity Employer. We welcome applicants regardless of race, color, religion, sex, sexual orientation, gender identification, national origin, age, marital status, ancestry, disability, or veteran status. By submitting this form, I acknowledge I have reviewed AppFolio's Privacy Policy. You have been redirected to an AppFolio job page #J-18808-Ljbffr