Security Engineer, Insider Threat

Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities - we're just getting started.

As part of Facebook Security, our Insider Threat team is focused on identifying and responding to insider threats to data. The team's mission is to identify malicious use of otherwise legitimate access to data from people inside the company and respond to it before damage is done. We investigate across a broad spectrum of abuse including abuse of user data, intellectual property, and leaks of sensitive information. We collaborate with software engineering teams to build advanced detection capabilities and understand how abuse happens so that we can stay ahead of those who are interested in misusing their access.

The Insider Threat team is looking for a highly motivated Security Engineer to build and improve internal tools and systems to detect malicious activities related to insider threats. Candidates are expected to analyze and monitor internal tools, hunt for insider threats against company data and infrastructure, and have the ability to carry out complex internal investigations from collection to reporting. As part of the role, this person will work side by side with our engineering teams to build advanced detection and solutions to help keep systems and information safe, and partner closely with our Human Resources and Legal teams to carry out complex investigations. We are looking for people that have a strong technical background, experience with computer forensics, data analytics, system and network administration, and the ability to build tools and/or automate tasks.

This is a full-time role based in London. Competitive salary; benefits include medical, dental, vision, pension, life assurance, Ride2Work, childcare, gym, transport, and laundry benefits. Posted: 17/05/2019. Closing date: 17/07/2019.


  • Perform investigations of security incidents using data analytics, computer forensics (laptops, servers, and mobile devices), and/or developing automation in production and corporate environments
  • Monitor detection systems and respond to alerts of malicious/anomalous activity
  • Build automation and detection rules to support detection of anomalous activity and response activities to mitigate insider threats at scale
  • Hunt for internal threats in our corporate and production infrastructure to proactively identify malicious activity that we are not currently able to detect
  • Identify and consult on the design of countermeasures to mitigate insider threats in our environment
  • Partner with HR, Legal, CERT, Threat Intelligence, and Engineering teams to streamline processes specific to internal investigations, and summarize information for complex and highly sensitive investigations to these cross-functional teams
  • Bachelor's degree in Computer Science, Engineering, or equivalent practical experience
  • Coding/scripting experience in one or more general purpose languages
  • Ability to interpret information from multiple sources and work with large data sets
  • Familiarity with database tools/systems such as Hbase, SQL, HQL
  • Broad understanding of the security domain, as well as deep focus in one (or more) areas, such as:
    • Host forensics and incident response (and live response) for Windows, MacOS, Linux, iOS and/or Android
    • Strong understanding of forensic artifacts in operating systems, file systems, and memory
    • Data science, analytics, machine learning experience applicable to the insider threat detection space
    • Tool development for threat detection and/or incident response
  • Master's degree in Computer Science/Engineering
  • Coding proficiency in Python, PHP, and/or C++
  • Networking and system administration experience of server (Linux, Windows) and client (Windows, macOS, Linux) operating systems
  • Familiarity with multiple forensic tools (e.g. SIFT Workstation, Sleuthkit, F-Response Enterprise, EnCase, FTK, Cellebrite, X-Ways, Volatility, or open source tools) to perform analysis and/or memory collection
  • Experience with insider threat detection tools and advanced analytic methodologies
  • Anomaly detection applicable to the insider threat detection space
  • Knowledge of incident response phases and concepts
  • Ability to work collaboratively in stressful situations with a sense of urgency
  • 4 years of computer forensic experience
Facebook is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at .