Evergreen - Software Engineer 2 (Fullstack), Threat Narrative

About the Role

At Abnormal AI, our mission is to protect the world’s largest enterprises from advanced email and collaboration attacks. The Threat Narrative team transforms complex signals from our detection systems into clear, actionable stories that help customers understand the attacks we stop and the value of our platform.

As a Software Engineer, Fullstack on the Threat Narrative team, you will help build the next generation of email-centric narrative experiences across Email Details and Threat Narrative views, with a focus on clearly communicating Abnormal detections to customers. You will work closely with GenAI and LLM-powered systems that distill thousands of low-level detection features and signals into concise, trustworthy explanations that customers can immediately act on. You will implement full-stack features end-to-end, from backend APIs and data contracts through to performant, intuitive UIs in the customer portal and internal tools that surface these explanations in the right context. Your work will directly shape how customers perceive Abnormal’s detection quality and how they reason about threats at scale. This role is ideal for an engineer who enjoys owning well-scoped systems, learning from senior partners, and combining strong engineering fundamentals with product intuition and storytelling.

What you will do

• Design and implement fullstack features across Threat Narrative and Email Details surfaces, including customer portal components, internal analyst tools, and QBR-facing outputs, with guidance from senior engineers.
• Implement and evolve APIs and services that generate enriched narratives from attack data, enrichment signals, and GenAI/LLM agents, following established contracts and patterns.
• Contribute to data models and explainability contracts that make complex threat decisions more understandable to customers and internal analysts.
• Write high-quality, well-tested Python/Django and React/Typescript code, focusing on correctness, performance, and maintainability.
• Participate in owning SLAs/SLOs, observability, and incident response for Threat Narrative and Email Details services by building and improving dashboards, alerts, and runbooks in the areas you own.
• Collaborate closely with Product, CS, GTM, Threat Intel, Detection, and DS partners to ensure narrative experiences clearly communicate attack context, value, and outcomes for customers.
• Engage in design and code reviews, learn from more senior engineers, and surface opportunities to simplify, derisk, and improve existing systems.

Must Haves

• 2+ years of professional, production-level software engineering experience, with a track record of shipping and operating fullstack web applications in cloud-native environments.
• Proficiency in Python and Django (or a similar backend framework), and comfort working with Postgres or similar relational databases.
• Experience building modern frontend applications with React and Typescript, including data-heavy or workflow-centric UIs.
• Ability to design and work with well-structured APIs and data models for data-intensive applications, with attention to correctness and evolvability.
• Experience using metrics, logging, and tracing to debug production issues and understand user behavior in at least one prior system.
• Strong collaboration and communication skills, including working effectively with Product and partner engineering teams to translate requirements into clear technical tasks.
• Experience with AI development tools.
• Bachelor’s degree in Computer Science, Information Systems, or a related technical field, or equivalent practical experience.

Nice to Have

• Experience building or integrating LLM/GenAI-powered features (e.g., prompt design, simple agents, or explainability) in production or pre-production systems.
• Familiarity with cybersecurity data, threat intelligence, or detection systems, especially in the context of email and collaboration security.
• Exposure to big data and batch processing technologies (e.g., Spark, Databricks, Airflow, Kafka) used to power analytics, narratives, or offline enrichment.
• Experience collaborating on multi-team initiatives and contributing to shared components, data contracts, or cross-surface UX.