Security Engineer Investigator, Account Threats
Washington, DC
Meta
Giving people the power to build community and bring the world closer together
The Account Threats team is dedicated to protecting the users of Meta’s family of applications (e.g. Facebook, Instagram, WhatsApp, Oculus) from the worst kinds of account security issues we experience. You will have the opportunity to work on some of the most challenging, complicated, and high-visibility security risks the company is facing through an account security lens. The impact of your work will be substantial, as outcomes could affect the billions of people who use our products.
We are seeking an experienced security engineer to proactively detect and analyze root causes of account security abuses, investigate complex threats to our business and users, advance investigative methods, conduct data-driven decision making, and use innovative approaches to protect people from harm. The candidate must have a strong cybersecurity or cyber threat intelligence background and know how to apply it to proactively hunt for threats, be able to use code to automate investigative actions, and be proficient in scripting languages, such as PHP or Python.
The ideal candidate will be an innovative self-starter, who is motivated by our mission, is results-driven, a strategic thinker, and will be able to extract, assimilate, and correlate a wide variety of data in order to surface and disrupt account security abuses.
Individual compensation is determined by skills, qualifications, experience, and location. Compensation details listed in this posting reflect the base hourly rate or annual salary only, and do not include bonus, equity or sales incentives, if applicable. In addition to base compensation, Meta offers benefits. Learn more about benefits at Meta.
Security Engineer Investigator, Account Threats Responsibilities
- Proactively hunt for threats and undetected abuse by leveraging internal data, open source intelligence, and third-party private intelligence.
- Investigate complex account security abuses to understand in granular detail how abuse is occurring. Identify and implement appropriate detection or prevention strategies to mitigate harm both in the current case and from similar forward-looking abuse.
- Understand the application of tactics, techniques, and procedures, as well as tooling, that actors use across various attack surfaces.
- Lead technical investigations from start-to-finish, to include effectively communicating actionable results, analytic judgments, and mitigations to different audience types across cross-functional settings.
- Self-directed identification of trends in adversary behavior, and proactive surfacing of risks that may represent previously unidentified or novel vectors for harm. Deeply understand how abuse manifests and clearly explain emerging threats and trends, with an emphasis on security understanding.
- Analyze and interpret complex, high volume, and high dimensionality data from varying sources to advance investigations, quantify trends, or support findings.
- Take a leadership role in suggesting, prototyping, and teaching novel investigative techniques.
- Partner with other cross-functional teams to identify, influence, and implement holistic solutions to surfacing and responding to emerging threats.
- Manage multiple projects at once while effectively prioritizing time, based on team priorities.
- Automate the everyday tasks and actions conducted during investigations and team processes.
- 5+ years work experience in a cyber security, security investigations, or cyber threat intelligence investigations role.
- Adept at formulating queries to analyze and interpret large datasets to advance investigations, quantify trends, or support findings.
- Experience investigating and acting on high-impact threats such as account compromise, account creation abuse, business compromise, or malware analysis.
- Proficiency working with Python, PHP, or similar scripting languages.
- Demonstrated experience to think critically and effectively articulate well-reasoned assessments within cross-functional settings, while possessing proficient communication skills to influence stakeholders with varying levels of technical expertise across all organizational levels.
- Experience identifying effective strategies to prevent or disrupt abuse at scale. Consult on the design of countermeasures to affect those strategies.
- Experience working with a team spanning multiple locations/time zones.
- Proficiency in detecting, mitigating, and sizing account abuse for a Web-based service, to include experience with authentication attacks, account generation abuse, bot detection, evasion detection, and/or browser fingerprint analysis.
- 3+ years of red or purple teaming exposure.
- Proficiency in static and dynamic analysis of malicious software to understand behaviors and intent of the malicious software. Experience should include leveraging results to derive digital fingerprints, create detection signatures (e.g. file, network), and/or hunt for malware.
- Deep technical and data analysis experience to analyze custom protocols to understand and expose adversarial behaviors.
- Experience understanding tactics, techniques, and procedures (TTPs) and actor intent, including extracting this from malware.
- Experience in scoping, communicating, and leveraging cyber threat intelligence to proactively detect, measure, or prevent abuse.
- Experience tracking highest priority malware campaigns.
- Experience using SQL for data analytics and processing large data sets.
- Demonstrated interest in understanding the intersection of global security risks, and how they apply to social media.
- Experience with open source investigation techniques and familiarity with a variety of internet research tools.
- BS/MS or equivalent experience in Computer Science, Information Systems, Intelligence Studies, Cybersecurity or related field.
- Experience working across or contributing to the broader security community (public research, blogging, presentations, open source contributions, etc.)