Security Detection Engineer I at AppFolio
Dallas, Texas, USA - Full Time


Start Date

Immediate

Expiry Date

03 Dec, 25

Salary

130000.0

Posted On

04 Sep, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Security Operations, Version Control, Authentication, SQL, Code, OWASP, SPL, Python, AWS, Computer Science, YAML

Industry

Information Technology/IT

Description

AppFolio is more than a company. We’re a community of dreamers, big thinkers, problem solvers, active listeners, and multipliers. At every opportunity, we set the pace while delivering innovation built to carry real estate into the future. One in which every experience feels effortless, yet meaningful. Where customers are empowered to take on any opportunity. We show up as one team, connected by our values to be a force for good. Because together, we have the power to create extraordinary outcomes for our customers, our communities, and ourselves.
The Security Detection Engineer I will design, develop, and optimize detections that identify and prevent account takeover (ATO) activity across AppFolio’s platform. This role is responsible for building scalable detection logic and telemetry pipelines that surface suspicious patterns—such as credential stuffing, MFA abuse, session hijacking, or automation-based fraud. The engineer will work closely with Security Analysts, Risk, Fraud, and Engineering teams to operationalize threat intelligence, improve alert fidelity, and reduce attacker dwell time while ensuring detections evolve with emerging ATO tactics.

QUALIFICATIONS

  • Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent work experience.
  • 3–5 years of experience in detection engineering, security operations, or threat detection.
  • Proficient with SIEM technologies (e.g., Splunk, Elastic), query languages (SPL, SQL, Kusto), and detection-as-code practices.
  • Strong understanding of the ATO threat landscape, including credential stuffing, MFA abuse, session hijacking, and token replay attacks.
  • Experience creating and tuning detection logic to identify anomalies across authentication, identity, and web traffic telemetry.
  • Familiarity with MITRE ATT&CK, OWASP, and identity-based threat modeling frameworks.
  • Hands-on experience with cloud-based environments (AWS preferred) and monitoring their security logs and event sources.
  • Knowledge of version control (e.g., Git), CI/CD pipelines, and detection-as-code workflows (e.g., using Terraform, Python, Jupyter, or YAML).
  • Excellent collaboration skills with a strong ability to communicate detection rationale to technical and non-technical stakeholders.
  • Excellent verbal and written communication skills.
Responsibilities

Please refer to the job description for details.
