Facebook Jobs

Mobile facebook Logo

Job Information

Facebook Security Engineer, Insider Threat in Menlo Park, California


Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities - we're just getting started.


As part of Facebook Security, our Insider Threat team is focused on identifying and responding to insider threats to data. The team's mission is to identify malicious use of otherwise legitimate access to data from people inside the company and respond to it before damage is done. We investigate across a broad spectrum of abuse including abuse of user data, intellectual property, and leaks of sensitive information. We collaborate with software engineering teams to build advanced detection capabilities and understand how abuse happens so that we can stay ahead of those who are interested in misusing their access.

The Insider Threat team is looking for a highly motivated Security Engineer to build and improve internal tools and systems to detect malicious activities related to insider threats. Candidates are expected to analyze and monitor internal tools, hunt for insider threats against company data and infrastructure, and have the ability to carry out complex internal investigations from collection to reporting. As part of the role, this person will work side by side with our engineering teams to build advanced detection solutions to help keep systems and information safe, and partner closely with our Human Resources and Legal teams to carry out complex investigations. We are looking for people that have a strong technical background, experience with computer forensics, data analytics, system and network administration, and the ability to build tools and/or automate tasks.

Required Skills:

  1. Use your coding, data analytics and investigation abilities to hunt, detect and respond to insider threats at scale

  2. Perform investigations of security incidents using data analytics, computer forensics (laptops, servers, and mobile devices), and/or developing automation in production and corporate environments

  3. Monitor detection systems and respond to alerts of malicious/anomalous activity

  4. Build automation and detection models to support identification of anomalous activity and response activities to mitigate insider threats at scale

  5. Hunt for internal threats in our corporate and production infrastructure to proactively identify malicious activity that we are not currently able to detect

  6. Identify and consult on the design of countermeasures to mitigate insider threats in our environment

  7. Partner with HR, Legal, CERT, Threat Intelligence, and Engineering teams to streamline processes specific to internal investigations, and summarize information for complex and highly sensitive investigations to these cross-functional teams

Minimum Qualifications:

  1. Bachelor's degree in Computer Science, Engineering, or equivalent experience

  2. Coding/scripting experience in one or more general purpose languages

  3. Experience interpreting information from multiple sources and working with data sets

  4. Knowledge with database tools/systems such as Hbase, SQL, HQL

  5. Knowledge of the security domain, as well as focus in one (or more) areas, such as:

  6. Host forensics with knowledge of forensic artifacts, operating systems, and incident response experience (including live response) for Windows, MacOS, Linux, iOS and/or Android

  7. Data science, analytics, machine learning experience applicable to the insider threat detection space

  8. Tool development for threat detection and/or incident response

Preferred Qualifications:

  1. Master's degree in Computer Science/Engineering

  2. Coding proficiency in Python, PHP, and/or C++, Pandas, NumPy, Scikit-learn, TensorFlow

  3. Networking and system administration experience of server (Linux, Windows) and client (Windows, macOS, Linux) operating systems

  4. Familiarity with multiple forensic tools (e.g. SIFT Workstation, Sleuthkit, F-Response Enterprise, EnCase, FTK, Cellebrite, X-Ways, Volatility, or open source tools) to perform analysis and/or memory collection

  5. Experience with insider threat detection tools and advanced analytic methodologies

  6. Experience with anomaly detection applicable to the insider threat detection space

  7. Knowledge of incident response phases and concepts

  8. Ability to work collaboratively in stressful situations with a sense of urgency

  9. 4+ years of computer forensic experience

Industry: Internet

Equal Opportunity: Facebook is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Facebook is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.