Security Engineer, Investigator

The Technical Investigations team is dedicated to protecting Meta from serious financial or reputational harm, as well as the detection and remediation of threats to the company and its users. On this team, you will have the opportunity to generate new cases through analytics, design and build new detections and tools to address threats and optimize workflows, as well as run your own investigations into Legal threats facing Meta.We are seeking an experienced Security Engineer to detect, analyze and develop metrics around internal and external bad actors and actor groups, investigate complex threats to our business and its users, advance investigative methods, and use innovative approaches to protecting people and businesses from harm. The candidate must be able to use code to automate investigative actions and have a proficiency in scripting languages such as PHP or Python. In addition to these technical skills, this Security Engineer will create and build automations and improvements to the infrastructure of the team's workflow, which requires gaining specific process knowledge by closely collaborating with and understanding the team's workflow and requirements to proactively identify integration opportunities.The ideal candidate will be an innovative self-starter, who is motivated by our mission, is results-driven, a strategic and creative thinker, and will be able to extract, assimilate, and correlate a wide variety of data.

• Provide technical and investigative expertise in support of various legal investigations.
• Analyze and interpret large datasets to advance investigations, quantify trends or support findings.
• Investigate complex cases to understand in granular detail how abuse is occurring and attribute the person(s) responsible. Identify and implement appropriate online and offline enforcement strategies to mitigate harm both in the current case and from similar forward-looking abuse.
• Proactively hunt for threats and undetected abuse by leveraging internal data, open-source intelligence, and third party intelligence.
• Build automation for identification, response, and remediation of various threat types.
• Enable investigative and research work through tactical scripting tasks and the development of broader engineering requirements documentation for partner teams as required.
• Identify effective strategies to prevent or disrupt abuse at scale. Consult on the design of countermeasures to effect those strategies.

• BSc/MSc in Computer Science or equivalent experience in Information Systems, Engineering, Cyber Security or related field.
• 3+ years of experience with Python or PHP and SQL.
• 3+ years of experience in managing and executing on short-term and long-term engineering, research, or investigative projects.
• Experience analyzing disparate data sets in support of legal investigations.
• Proficiency in defining and executing data-driven research questions and effective communication.

• Experience working or managing projects that have enterprise-wide impact and/or multi-organization cross functional stakeholders.
• Data Analysis - Familiarity with the use of data analysis, social network analysis or machine learning ideally in security applications, and including commonly used collections in Python (e.g. Pandas, Networkx, scikit-learn).
• Familiarity with topics such as insider threat, regulatory/compliance, global terrorist organizations etc and how they can manifest both internally and externally through abuse of online communities.
• Ability to work with a team spanning multiple locations/time zones.
• Regional knowledge and/or language skills.
• Experience with open-source investigation techniques and familiarity with a variety of internet research tools.
• Collaborative Research - Collaboration with partners engaged in tactical investigations to resolve data or engineering oriented challenges or research needs and effectively communicating findings and recommendations.
• Subject Area Expertise - having extensive knowledge of how nation-state advanced persistent threat actors operate and how the security industry investigates, tracks, and mitigates their behaviors.
• Experience in analytical reporting and communicating information in a manner designed for consumption by decision makers.