Facebook Security Engineer, Insider Threat in Menlo Park, California


Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities - we're just getting started.


Facebook's Security team is looking for a highly motivated Security Engineer to build and improve internal tools to detect suspicious activities related to insider threats. The ideal candidate will have extensive experience in computer forensics and the ability to carry out complex internal investigations from collection to reporting. Candidates are expected to analyze and monitor internal tools and threats against company data and infrastructure. As part of the role, this person will work side by side with our engineering teams to develop and implement solutions that help keep systems and information safe.

Required Skills:

  1. Investigate security incidents using data analytics, computer forensics, and automation in production and corporate environments.

  2. Build tools and automation to assist detection and response activities at scale.

  3. Analyze the latest insider threat techniques and apply solutions to detect them holistically.

  4. Monitor detection systems and respond to alerts of anomalous or suspicious activity.

  5. Partner with HR, Legal, CERT, Threat Intelligence, and Engineering teams to streamline functions and processes specific to internal investigations.

Minimum Qualifications:

  1. Knowledge of forensic artifacts as they pertain to Windows, macOS, Linux, iOS and Android forensics.

  2. Knowledge of multiple forensic tools (e.g. SIFT Workstation, Sleuth Kit, Second Look, F-Response Enterprise, EnCase, FTK, Cellebrite, X-Ways, etc.).

  3. Experience developing tools using an interpreted programming language (PHP, Python, Ruby, PowerShell, Haskell, etc.).

  4. Experience interpreting information from multiple sources and working with large data sets (data analytics).

  5. Knowledge of database tools/systems such as HBase, SQL, HQL.

Preferred Qualifications:

  1. Master's degree in Computer Science/Engineering.

  2. GCFA, CISSP, GCIH Certification.

  3. Coding proficiency in PHP, Python, and/or C++.

  4. Networking and UNIX system administration experience.

  5. Experience performing memory collection and analysis using Volatility, Rekall and/or other open source tools.

  6. Experience with insider threat detection tools and advanced analytic methodologies.

  7. Experience in Counterintelligence, Information Assurance, Insider Threat, and/or Personnel Security.

Industry: Internet

Equal Opportunity: Facebook is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. If you need assistance or an accommodation due to a disability, you may contact us at accommodations-ext@fb.com or you may call us at +1 650-308-7837.