Responsibilities
Live Fraud Investigation & Reconstruction
- Lead investigations into complex fraud cases across identities, accounts, devices, and transaction surfaces
- Provide support to day-to-day fraud operations including SEVs and alert triage
- Reconstruct attacker sequences and hypothesize actor intent and tooling
- Distill patterns from noisy signals into clear narratives and actionable insights
- Bridge investigation outcomes to product and model improvements
Signal & Tool Utilization at Scale
- Operate across Plaid's fraud tooling — dashboards, alerting systems, network signals, and analytics platforms — to detect and validate anomalies
- Stress-test existing capabilities, identify systemic gaps, and define new detection primitives
- Proactively identify gaps in internal fraud tooling and automation, driving enhancements to improve efficiency and scale
Product & Model Partnership
- Collaborate with Data Science, ML/AI, and Product teams to improve labeling, feature sets, evaluation frameworks, and model decay monitoring
- Surface data quality limitations and systematically formalize missing features
- Translate exploratory research into reusable feature pipelines, model inputs, or rule augmentations
- Participate in product discovery, roadmap planning, and post-launch evaluation to ensure fraud-awareness by design
Deep Applied Fraud Research
- Conduct longitudinal and structural analysis of how fraud types manifest in Plaid network data — entity linkages, temporal patterns, attack rotations, tool chains
- Experiment with network/graph analysis, sequence mining, anomaly detection, and custom heuristics where off-the-shelf approaches fail
Ecosystem Monitoring & Knowledge Leadership
- Continuously survey external fraud trends, adversary techniques, tooling, and emerging threat vectors
- Proactively perform threat modeling of abuse surfaces and initiate research proposals when patterns emerge
Case Studies & Reporting
- Produce clear, evidence-backed technical reports and case studies for product, engineering, operations, legal, and executive stakeholders
- Document investigation workflows, attack classifications, and proof-of-concept detection logic
- Drive post-incident learning by capturing lessons from fraud incidents and feeding them back into defenses
Qualifications
- 3+ years of applied fraud experience in a high-velocity environment (fintech, consumer payments, banking, SaaS, marketplace risk, or security research)
- Investigator mindset: pattern synthesis, hypothesis testing, and skilled triage between signal and noise
- End-to-end investigation experience reconstructing attacker intent and behavior in multi-step attack sequences across accounts, devices, and identities
- Post-containment incident response experience with a deep emphasis on post-mortems and root cause analysis
- Dark and grey-web navigation and investigation experience; ability to assess source credibility and translate external intelligence into actionable insights
- Strong communication: ability to explain complex, ambiguous behavior to technical and non-technical audiences
- Tool fluency with data environments and investigative toolchains (BI tools, anomaly detection, case trackers)
Preferred
- SQL for deep data querying and exploratory analysis
- Python for scripting, rapid prototyping, and analytical workflows
- Graph/network analysis experience to detect linked behavioral structures or actor networks
- Familiarity with rule engines, signal gating, and large-scale monitoring systems
- Experience applying AI tools and agents to accelerate investigations and research workflows
- Ability to translate fraud research into actionable signals, rules, or labeled datasets that improve model performance
Nice to Have
- Fraud domain certifications (e.g., CFE)
- Prior work on consumer identity, payments, or risk platform development
- Exposure to production ML model lifecycles and metrics for drift/decay
- Experience improving internal fraud tooling, automation, or case management systems