Security Detection Engineer I

Information Security | San Diego, California; Dallas, Texas; Santa Barbara, California; Remote - San Francisco, CA; Remote - Denver, CO; Remote - Atlanta, GA; Remote - Chicago, IL; Remote - Washington DC, United States


Description

AppFolio is more than a company. We’re a community of dreamers, big thinkers, problem solvers, active listeners, and multipliers. At every opportunity, we set the pace while delivering innovation built to carry real estate into the future. One in which every experience feels effortless, yet meaningful. Where customers are empowered to take on any opportunity. We show up as one team, connected by our values to be a force for good. Because together, we have the power to create extraordinary outcomes for our customers, our communities, and ourselves.

The Security Detection Engineer I will design, develop, and optimize detections that identify and prevent account takeover (ATO) activity across AppFolio’s platform. This role is responsible for building scalable detection logic and telemetry pipelines that surface suspicious patterns—such as credential stuffing, MFA abuse, session hijacking, or automation-based fraud. The engineer will work closely with Security Analysts, Risk, Fraud, and Engineering teams to operationalize threat intelligence, improve alert fidelity, and reduce attacker dwell time while ensuring detections evolve with emerging ATO tactics.

Your impact 
  • Design, implement, and maintain detection logic to identify account takeover (ATO) attempts across AppFolio platforms.
  • Develop and tune behavioral analytics and rule-based detections in SIEM and security data platforms to improve signal fidelity.
  • Leverage threat intelligence, internal telemetry, and adversary TTPs to proactively build detection coverage for evolving ATO techniques.
  • Collaborate with security analysts, fraud investigators, and engineering teams to validate alerts, reduce false positives, and ensure timely detection.
  • Perform detection gap assessments and participate in purple team or simulation exercises to evaluate coverage for ATO scenarios.
  • Automate detection engineering workflows using scripting and data pipelines for scale and efficiency.
  • Contribute to threat modeling efforts and define detection use cases aligned with MITRE ATT&CK and real-world ATO patterns.
  • Document detection logic, assumptions, tuning rationale, and testing methodology in standardized playbooks and engineering wikis.

Qualifications 
  • Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent work experience.
  • 3–5 years of experience in detection engineering, security operations, or threat detection.
  • Proficient with SIEM technologies (e.g., Splunk, Elastic), query languages (SPL, SQL, Kusto), and detection-as-code practices.
  • Strong understanding of ATO threat landscape including credential stuffing, MFA abuse, session hijacking, and token replay attacks.
  • Experience creating and tuning detection logic to identify anomalies across authentication, identity, and web traffic telemetry.
  • Familiarity with MITRE ATT&CK, OWASP, and identity-based threat modeling frameworks.
  • Hands-on experience with cloud-based environments (AWS preferred) and monitoring their security logs and event sources.
  • Knowledge of version control (e.g., Git), CI/CD pipelines, and detection-as-code workflows (e.g., using Terraform, Python, Jupyter, or YAML).
  • Excellent collaboration skills with a strong ability to communicate detection rationale to technical and non-technical stakeholders.
  • Excellent verbal and written communication skills.

Nice to have
  • Experience with identity security tools and telemetry: Okta, Duo, etc.
  • Familiarity with session-based ATO detection techniques, including cookie theft, browser fingerprinting, or geolocation analysis.
  • Certifications such as GIAC Certified Detection Analyst (GCDA), GIAC Certified Incident Handler Certification (GCIH), AWS Security Specialty, or OSWE.
  • Prior exposure to fraud prevention, customer account protection, or abuse detection platforms.
  • Experience in adversary emulation or purple teaming to test and validate detections.

Location
Find out more about our locations by visiting our site
Compensation & Benefits
The compensation that we reasonably expect to pay for this role is: $104,000-$130,000 base pay. The actual compensation for this role will be determined by a variety of factors, including but not limited to the candidate’s skills, education, experience, and internal equity.
Please note that compensation is just one aspect of a comprehensive Total Rewards package. The compensation range listed here does not include additional benefits or any discretionary bonuses you may be eligible for based on your role and/or employment type.

Regular full-time employees are eligible for benefits - see here.
 

About AppFolio

AppFolio is the technology leader powering the future of the real estate industry. Our innovative platform and trusted partnership enable our customers to connect communities, increase operational efficiency, and grow their business. For more information about AppFolio, visit appfolio.com.

Why AppFolio

Grow | We enable a culture of high performance, where delivering results is recognized by opportunities for growth and compelling total rewards. Our challenging and meaningful work drives the growth of our business, and ourselves.

Learn | We partner with you to realize your potential by investing in you from the start. We're cultivating a team of big thinkers through coaching and mentorship with our best-in-class leaders, and giving you the time and tools to develop your skills.

Impact | We are creating a world where living in, investing in, managing, and supporting communities feels magical and effortless, freeing people to thrive. We do this by innovating with purpose while cultivating a culture of impact. We learn as much from each other as we do our customers and our communities.

Connect | We excel at hybrid work by fostering an environment that feels flexible, personal and connected, no matter where we are. We create space to fuel innovation and collaboration, and we come together to celebrate, connect, and succeed.

Paddle as One.

Learn more at appfolio.com/company/careers

Statement of Equal Opportunity

At AppFolio, we value diversity in backgrounds and perspectives and depend on it to drive our innovative culture. That’s why we’re a proud Equal Opportunity Employer, and we believe that our products, our teams, and our business are stronger because of it. This means that no matter what race, color, religion, sex, sexual orientation, gender identification, national origin, age, marital status, ancestry, physical or mental disability, or veteran status, you’re always welcome at AppFolio.
