- Menlo Park, CA
Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities - we're just getting started.
Facebook's security team is looking for a Security Engineer with a variety of experiences in the discovery, containment, and mitigation of threat actors to work in the Internal Detection and Response team. We are building out security operations and response platforms to support the scale and security of Facebook. You will be analyzing different sources of information leveraged for detection, responding and investigating incidents and working with our software and production engineering teams to develop scalable systems to automate detection and remediation.
- Support and lead security incident response in a cross-functional collaboration environment driving towards incident resolution.
- Develop incident response initiatives that improve our capabilities to respond and remediate security events faster.
- Perform forensic analysis of digital information and gathers and handles evidence.
- Perform analysis of logs from a variety of sources (e.g., individual host logs, network traffic logs) to identify and investigate potential threats.
- Build automation for identification, response, and remediation of malicious activity.
- Drive implementation of countermeasures, mitigations, and containment.
- Bachelor's degree or equivalent experience in Security.
- Experience analyzing network and host-based security events.
- Knowledge of networking technologies, specifically TCP/IP and the related protocols.
- Knowledge of operating systems, file systems, and memory on Windows, macOS, or Linux.
- Experience with attacker tactics, techniques and procedures.
- Experience with an interpreted programming language (PHP, Python, Perl, Ruby, etc.).
- Background in malware analysis, intrusion detection, and/or threat intelligence.
- Experience "threat hunting", i.e. using threat intel to proactively and iteratively investigates these potential risks and finding suspicious behavior in the network.
- Experience in host and memory forensics (including live response) for Windows, OSX, and/or Linux.
- Broad knowledge across the Security domain, as well as deep focus in one (or more) areas such as: Logs and events processing, Incident Management, Detection and/or response tool development.
Back to top