Manager, Threat Investigations

Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities â€" we're just getting started.

Facebook seeks a highly motivated team player to serve as Manager of Threat Investigations. This person will be responsible for leading, developing, and scaling a technical investigations team with the goal of predicting, tracking, and responding to advanced cyber threats against Facebook's community of users.

RESPONSIBILITIES

  • Staff and manage a high-performance team in a technical investigations and intelligence organization
  • Develop and hone strategy to discover, investigate, track, and disrupt online bad actors with the interest and capability to target Facebook's users
  • Develop a program to maximize the team's impact, to include creating team policies, making process improvements, and working with partner engineering and solutions teams
  • Systematically work to apply insights gleaned from investigations and other inputs to proactively mitigate risk
  • Develop, coach, mentor, and ensure high performance in a fast-paced environment
  • Ensure maintenance of knowledge base regarding present and past investigations
  • Work closely with partner teams and technical investigations staff across the company and collaborate with broader security industry partners
  • Scale investigative processes through innovations in tools, procedures, and workflow
MINIMUM QUALIFICATIONS
  • 5+ years of investigations work experience involving technical online threats or computer network operations
  • 5+ years of leadership experience
  • Experience in computer forensics, security engineering, security operations, and other network defense and cyber intelligence frameworks
  • Experience tracking threat campaigns and identifying, developing, and implementing countermeasures
  • Knowledge of using and writing scripts in Bash, Perl, or Python
  • Knowledge of relational databases and SQL
  • Analytical and problem-solving experience
  • Management experience
  • Experience shaping strategy and executing against that strategy, with prioritization of people and resources
  • Knowledge of a variety of Internet research tools
  • Experience working cross-functionally with security engineers, analysts, project managers, technicians, and customers
PREFFERED QUALIFICATIONS
  • Experience managing and/or working with high-performance teams focused on investigations, analytics (including developing data pipeline architecture, organizational metrics, and insights into problems) and engineering (infrastructure, tool development, and system design)
  • Demonstrated success presenting complex data (qualitative and quantitative) in a clear and compelling manner that inspires action
  • Experience working with or in support of diverse communities and global teams
  • Knowledge of network security
  • Knowledge of Web-oriented programming languages: HTML, JS, and PHP
  • BA/BS or Master's degree in an analytical field such as Math, Statistics, Computer Science, Economics, or Information Systems


Meet Some of Facebook's Employees

Lauren W.

Global Marketing Lead, Facebook Blueprint

As the marketing lead for Facebook’s Blueprint program, Lauren focuses on building awareness around the program and the adoption of education and training by businesses and advertisers.

Ariane J.

Software Engineer

Ariane works to improve Android performance for various Facebook products. She drives the entire tooling system and the way it should operate, and fixes logging and instrumentation APIs.


Back to top