Skip to main content
Back to jobs

Software Engineer II - Entity Intelligence

External
Abnormal Security logoAbnormal Security · Bangalore, India
Full-timeHybrid2d ago
Data AnalysisDocumentationDynamoDBElasticsearchKafkaObservability
Cover LetterConnect

Prepare for this interview

Elite

AI-generated questions, company research, and talking points tailored to this role

About the role

Enterprises of all sizes trust Abnormal's AI-native security products to stop cybercrime and protect critical communications, identities, and infrastructure in the cloud. Our products are data- and systems-intensive , operating at high scale and low latency across multiple clouds and regions. As a Software Engineer II on the Entity Intelligence Team , you are a highly capable detection feature owner: you take a detection problem, come up with an idea, design a technical approach, and drive it end-to-end, from design and implementation through launch, operation, and continuous improvement. You will work with a world-class group of engineers, product managers, and data scientists to build and operate detection that is reliable, scalable, and AI-native by default . This role focuses on impersonation detection , including brand, lookalike-domain, VIP and employee impersonation. It is ideal for an engineer who has already shipped meaningful production systems, wants more ownership and impact, and is excited to use AI to build detection that was not possible before. The Entity Intelligence Team (EIT) is an attack-detection team inside Abnormal's Detection org. We own several of the highest-visibility detection surfaces at the company, spanning attachment-based attacks, fraud, and impersonation. We work the way an analyst would: we study the attacks that get through, understand the underlying pattern, and translate it into system-level detection enhancements that generalize beyond the individual attack. We are also one of the most AI-forward teams at Abnormal. We build and operate LLM-based detection agents and treat internal AI tooling as a first-class deliverable. Every engineer here writes detection logic and builds AI agents. Impersonation is one of the most damaging and visible classes of attack we defend against, where even simple attacks that slip through erode customer trust, so this is a surface we hold to a very high bar.

Responsibilities

  • Design, build, and operate detection that is core to Abnormal's products, from initial design through rollout, monitoring, and ongoing maintenance.
  • Own detection projects end-to-end, including those that begin with a degree of ambiguity: scope loosely defined problems, identify risks, define milestones, and deliver reliably.
  • Analyze attacks that get through. Pull and study missed-attack data, read the messages the way an attacker and an analyst would, identify the underlying pattern, and translate it into detection enhancements or entirely new detection systems.
  • Write and tune detection logic using scored signals and attributes, add new signals across the pipeline, and drive changes to launch with a strong focus on minimizing false positives.
  • Build and evaluate LLM-based detection agents, and measure precision and recall rigorously with our evaluation tooling.
  • Surface your detections as reusable intelligence that other products and teams across the platform can consume.
  • Participate in the on-call rotation for your detection surfaces, debug and resolve customer escalations, and feed learnings back into design, observability, and runbooks across regions.
  • Leverage AI as a core part of your development loop for code, tests, data analysis, experiments, and documentation, while maintaining strong engineering judgment and validation practices.
  • Contribute to team health and culture by documenting heavily, sharing learnings, and giving thoughtful feedback in code and design reviews.

Requirements

  • 3+ years of professional software engineering experience , with a track record of shipping and operating production systems.
  • Strong software engineering fundamentals: data structures, algorithms, system design basics, testing, debugging, and clean, maintainable code.
  • Strong Python proficiency and comfort learning new languages and frameworks as needed.
  • Solid data-analysis instincts. You are comfortable with SQL and reasoning over large datasets to find signals in noise.
  • A detection or adversarial mindset. You enjoy thinking like an attacker, reading real attack samples, and asking, "How would I get past this?"
  • Genuine fluency with AI-native development. You already use AI coding agents in your daily work and are excited to build LLM-powered detection, not just consume AI tools.
  • Demonstrated ability to own projects that carry some initial ambiguity: clarify and scope loosely defined requirements, make tradeoffs explicit, deliver on time, and communicate status clearly.
  • Excellent written and verbal communication , especially in remote, distributed teams. We make decisions in writing.
  • A strong growth mindset and sense of ownership.
  • Nice to Have Skills
  • Experience with distributed systems , high-throughput pipelines, or large-scale data stores (e.g., PostgreSQL, DynamoDB, Redis, RocksDB, Kafka, Spark, OpenSearch/Elasticsearch).
  • Background in security, threat detection, anti-abuse, fraud detection, or trust and safety , particularly system

Benefits

Health insuranceRemote work options

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Abnormal Security? Share your experience

Interested in this role?

Apply on the company's website.

Cover LetterConnect