Software Engineer 2 (Fullstack), Threat Narrative

About the Role

At Abnormal AI, our mission is to protect the world’s largest enterprises from advanced email and collaboration attacks. The Threat Narrative team transforms complex signals from our detection systems into clear, actionable stories that help customers understand the attacks we stop and the value of our platform.

As a Software Engineer, Fullstack on the Threat Narrative team, you will help build the next generation of email-centric narrative experiences across Email Details and Threat Narrative views, with a focus on clearly communicating Abnormal detections to customers. You will work closely with GenAI and LLM-powered systems that distill thousands of low-level detection features and signals into concise, trustworthy explanations that customers can immediately act on. You will implement full-stack features end-to-end, from backend APIs and data contracts through to performant, intuitive UIs in the customer portal and internal tools that surface these explanations in the right context. Your work will directly shape how customers perceive Abnormal’s detection quality and how they reason about threats at scale. This role is ideal for an engineer who enjoys owning well-scoped systems, learning from senior partners, and combining strong engineering fundamentals with product intuition and storytelling.

What you will do 

• Design and implement fullstack features across Threat Narrative and Email Details surfaces, including customer portal components, internal analyst tools, and QBR-facing outputs, with guidance from senior engineers.
• Implement and evolve APIs and services that generate enriched narratives from attack data, enrichment signals, and GenAI/LLM agents, following established contracts and patterns.
• Contribute to data models and explainability contracts that make complex threat decisions more understandable to customers and internal analysts.
• Write high-quality, well-tested Python/Django and React/Typescript code, focusing on correctness, performance, and maintainability.
• Participate in owning SLAs/SLOs, observability, and incident response for Threat Narrative and Email Details services by building and improving dashboards, alerts, and runbooks in the areas you own.
• Collaborate closely with Product, CS, GTM, Threat Intel, Detection, and DS partners to ensure narrative experiences clearly communicate attack context, value, and outcomes for customers.
• Engage in design and code reviews, learn from more senior engineers, and surface opportunities to simplify, derisk, and improve existing systems.

Must Haves

• 2+ years of professional, production-level software engineering experience, with a track record of shipping and operating fullstack