Security Engineer, Insider Threat

Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities — we're just getting started.

Facebook's Security team is looking for a highly motivated Security Engineer to build and improve internal tools to detect suspicious activities related to insider threats. The ideal candidate will have extensive experience in computer forensics and the ability to carry out complex internal investigations from collection to reporting. Candidates are expected to analyze and monitor internal tools and threats against company data and infrastructure. As part of the role, this person will work side by side with our engineering teams to develop and implement solutions that help keep systems and information safe.

Competitive salary, with the following benefits:

  • Medical Benefits
  • Dental Benefits
  • Vision Benefits
  • Pension Benefits
  • Life Assurance
  • Ride2Work
  • Childcare Benefits
  • Gym Benefits
  • Transport Benefits
  • Laundry Benefit

Posted: 23/08/2018
Closing date: 23/12/2018


  • Investigate security incidents using data analytics, computer forensics, and automation in production and corporate environments.
  • Build tools and automation to assist detection and response activities at scale.
  • Analyze the latest insider threat techniques and apply solutions to detect them holistically.
  • Monitor detection systems and respond to alerts of anomalous or suspicious activity.
  • Partner with HR, Legal, CERT, Threat Intelligence, and Engineering teams to streamline functions and processes specific to internal investigations.
  • Strong understanding of forensic artifacts on Windows, macOS, Linux, iOS and Android.
  • Familiarity with multiple forensic tools (e.g. SIFT Workstation, Sleuth Kit, Second Look, F-Response Enterprise, EnCase, FTK, Cellebrite, X-Ways, etc.).
  • Administration of server (Linux, Windows) and client (Windows, macOS, Linux) operating systems.
  • Ability to develop tools using an interpreted programming language (PHP, Python, Ruby, PowerShell, Haskell, etc.).
  • Ability to interpret information from multiple sources and work with large data sets (data analytics).
  • Familiarity with database tools/systems such as HBase, SQL, HQL.
  • Bachelor's degree in Computer Science or equivalent.
  • 4 years of computer forensic experience.
  • Master's degree in Computer Science/Engineering.
  • GCFA, CISSP, GCIH Certification.
  • Coding proficiency in PHP, Python, and/or C++.
  • Networking and UNIX system administration experience.
  • Experience performing memory collection and analysis using Volatility, Rekall and/or other open source tools.
  • Experience with insider threat detection tools and advanced analytic methodologies.
  • Experience in Counterintelligence, Information Assurance, Insider Threat, and/or Personnel Security.
