Enterprises of all sizes trust Abnormal's AI-native security products to stop cybercrime and protect critical communications, identities, and infrastructure in the cloud. Our products are data- and systems-intensive, operating at high scale and low latency across multiple clouds and regions.
As a Software Engineer II on the Entity Intelligence Team, you are a highly capable detection feature owner: you take a detection problem, come up with an idea, design a technical approach, and drive it end-to-end, from design and implementation through launch, operation, and continuous improvement. You will work with a world-class group of engineers, product managers, and data scientists to build and operate detection that is reliable, scalable, and AI-native by default.
This role focuses on impersonation detection, including brand, lookalike-domain, VIP and employee impersonation. It is ideal for an engineer who has already shipped meaningful production systems, wants more ownership and impact, and is excited to use AI to build detection that was not possible before.
About the TeamThe Entity Intelligence Team (EIT) is an attack-detection team inside Abnormal's Detection org. We own several of the highest-visibility detection surfaces at the company, spanning attachment-based attacks, fraud, and impersonation. We work the way an analyst would: we study the attacks that get through, understand the underlying pattern, and translate it into system-level detection enhancements that generalize beyond the individual attack.
We are also one of the most AI-forward teams at Abnormal. We build and operate LLM-based detection agents and treat internal AI tooling as a first-class deliverable. Every engineer here writes detection logic and builds AI agents. Impersonation is one of the most damaging and visible classes of attack we defend against, where even simple attacks that slip through erode customer trust, so this is a surface we hold to a very high bar.
What You'll Do- Design, build, and operate detection that is core to Abnormal's products, from initial design through rollout, monitoring, and ongoing maintenance.
- Own detection projects end-to-end, including those that begin with a degree of ambiguity: scope loosely defined problems, identify risks, define milestones, and deliver reliably.
- Analyze attacks that get through. Pull and study missed-attack data, read the messages the way an attacker and an analyst would, identify the underlying pattern, and translate it into detection enhancements or entirely new detection systems.
- Write and tune detection logic using scored signals and attributes, add new signals across the pipeline, and drive changes to launch with a strong focus on minimizing false positives.
- Build and evaluate LLM-based detection agents, and measure precision and recall rigorously with our evaluation tooling.
- Surface your detections as reusable intelligence that other products and teams across the platform can consume.
- Participate in the on-call rotation for your detection surfaces, debug and resolve customer escalations, and feed learnings back into design, observability, and runbooks across regions.
- Leverage AI as a core part of your development loop for code, tests, data analysis, experiments, and documentation, while maintaining strong engineering judgment and validation practices.
- Contribute to team health and culture by documenting heavily, sharing learnings, and giving thoughtful feedback in code and design reviews.
- 3+ years of professional software engineering experience, with a track record of shipping and operating production systems.
- Strong software engineering fundamentals: data structures, algorithms, system design basics, testing, debugging, and clean, maintainable code.
- Strong Python proficiency and comfort learning new languages and frameworks as needed.
- Solid data-analysis instincts. You are comfortable with SQL and reasoning over large datasets to find signals in noise.
- A detection or adversarial mindset. You enjoy thinking like an attacker, reading real attack samples, and asking, "How would I get past this?"
- Genuine fluency with AI-native development. You already use AI coding agents in your daily work and are excited to build LLM-powered detection, not just consume AI tools.
- Demonstrated ability to own projects that carry some initial ambiguity: clarify and scope loosely defined requirements, make tradeoffs explicit, deliver on time, and communicate status clearly.
- Excellent written and verbal communication, especially in remote, distributed teams. We make decisions in writing.
- A strong growth mindset and sense of ownership.
- Experience with distributed systems, high-throughput pipelines, or large-scale data stores (e.g., PostgreSQL, DynamoDB, Redis, RocksDB, Kafka, Spark, OpenSearch/Elasticsearch).
- Background in security, threat detection, anti-abuse, fraud detection, or trust and safety, particularly systems processing high volumes of email or communication data.
- Experience with ML or LLM evaluation: precision/recall tradeoffs, eval harnesses, prompt iteration.
- Familiarity with domain and DNS concepts (such as typosquatting and homoglyphs) or with identity and impersonation signals.
- Experience with large-scale data tooling (e.g., Databricks, Spark, Airflow) and distributed pipelines.
- Experience with containerization and orchestration (Docker, Kubernetes) and infrastructure-as-code tooling.
- Familiarity with modern frontend frameworks (e.g., React) for full-stack roles, or with ML/ML Ops for Detection/MLE-focused roles.
- Prior experience in a fast-paced, high-growth startup environment where you’ve had to balance speed, quality, and ambiguity.
- You'll solve hard, meaningful problems at the intersection of AI, security, and large-scale detection, where your work maps directly to attacks caught and customers protected.
- You'll work with smart, kind, and ambitious teammates who care deeply about detection craft, learning, and helping each other grow.
- You'll get real ownership and autonomy over an important detection surface, not a ticket queue, with clear opportunities to grow toward Senior and Staff roles.
- You'll be part of an AI-native R&D organization with strong investment in tools, workflows, and training to help engineers use AI to move faster while raising the quality bar.
#LI-AD2
AI and our hiring process
Abnormal AI uses AI-assisted tools to help our recruiting team prepare for candidate interviews. These tools analyze resume content and role requirements to suggest interview questions and identify areas for the interviewer to explore. They do not make hiring decisions or screen candidates automatically. Every decision about a candidacy is made by a person.
Abnormal AI is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or other characteristics protected by law. For our EEO policy statement please click here. If you would like more information on your EEO rights under the law, please click here.
Skills Required
- 3+ years of professional software engineering experience with a track record of shipping and operating production systems
- Strong software engineering fundamentals: data structures, algorithms, system design, testing, debugging, and clean maintainable code
- Strong Python proficiency
- Comfort with SQL and reasoning over large datasets
- Detection or adversarial mindset (ability to analyze attacks and think like an attacker)
- Fluency with AI-native development and experience building or using LLM-powered tools/agents
- Demonstrated ability to own ambiguous projects end-to-end and communicate status clearly
- Excellent written and verbal communication, especially for distributed teams
- Willingness to participate in on-call rotation and handle customer escalations
- Experience with distributed systems, high-throughput pipelines, or large-scale data stores (PostgreSQL, DynamoDB, Redis, RocksDB, Kafka, Spark)
- Background in security, threat detection, anti-abuse, fraud detection, or trust and safety
- Experience with ML or LLM evaluation, precision/recall tradeoffs, and eval harnesses
- Familiarity with domain and DNS concepts (typosquatting, homoglyphs) or identity/impersonation signals
- Experience with large-scale data tooling (Databricks, Spark, Airflow) and distributed pipelines
- Experience with containerization and orchestration (Docker, Kubernetes) and infrastructure-as-code
- Familiarity with modern frontend frameworks (React) or ML/ML Ops
- Prior experience in a fast-paced, high-growth startup environment
Abnormal Security Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Abnormal Security and has not been reviewed or approved by Abnormal Security.
-
Fair & Transparent Compensation — Pay is considered aggressively benchmarked to leading tech markets with annual reviews, and feedback suggests engineering and sales roles are compensated competitively with strong upside potential.
-
Healthcare Strength — Health coverage is portrayed as robust, including employer-paid premiums for employees in prior postings, One Medical access, and globally designed healthcare and parental leave.
-
Leave & Time Off Breadth — Time off provisions include flexible/unlimited PTO, company holidays, and paid parental leave that the company positions as globally available.
Abnormal Security Insights
What We Do
The Abnormal Security platform protects enterprises from targeted email attacks. Abnormal Behavior Technology (ABX) models the identity of both employees and external senders, profiles relationships and analyzes email content to stop attacks that lead to account takeover, financial damage and organizational mistrust. Though one-click, API-based Office 365 and G Suite integration, Abnormal sets up in minutes and does not disrupt email flow. Abnormal Security was founded in 2018 by CEO Evan Reiser, CTO Sanjay Jeyakumar, Head of Machine Learning Jeshua Bratman, and Founding Engineers Abhijit Bagri and Dmitry Chechik. The team previously built behavioral profiling and machine learning technologies at Twitter, Google and Pinterest that are being applied to solve a problem that costs organizations $1 billion per year, according to the FBI. The Abnormal Security platform stops targeted phishing, business email compromise and account takeover attacks that have never been seen before.

.png)






