Security Engineer, Internal Detection And Response

Facebook's security team is the central engine driving data and systems security at the company, supporting Facebook and all of its family of apps. The organization is responsible for inhibiting malicious actors from compromising our environment, detecting and responding to them before they do damage if they do, ensuring we are maintaining the protections we say we will, and engaging with the community to help those outside the company learn from the work we do. We work across all parts of the company, from the corporate infrastructure to production to external services, interfacing with nearly every team in the company.
Facebook's security team is looking for a Security Engineer with a variety of experiences in the discovery, containment, and mitigation of threat actors to work in the Internal Detection and Response team. A successful candidate will have experience establishing and maturing investigations and response efforts, drawing upon automation and cross functional partnerships to create scalable and resilient operational capabilities. We are building the next generation of security operations and response platforms to support the scale and security of Facebook. You will be helping to lead the programs where we are leveraging different sources of information for detecting, responding and investigating incidents and working with our software and production engineering teams to develop scalable systems to automate detection and remediation.

Security Engineer, Internal Detection and Response Responsibilities:

• Be a broad technical and process subject matter expert regarding the services your team provides.
• Influence and align the organization’s vision and strategy, while engaging our teams to develop and deliver specific, multi-year roadmaps, programs, and projects. Ensure prioritization, resourcing, and timely delivery of this work within a changing business environment.
• Work with, partner, and influence other teams to solve challenges related to a broad spectrum of threat actors.
• Focus on ruthlessly prioritizing, automating, and scaling every aspect of our detection and response capabilities.
• Build, cultivate, and maintain positive relationships with internal customers to identify and facilitate solutions to increase the impact of the team's work.
• Define operational metrics, key performance indicators, and service level objectives to assure the team achieves operational excellence.
• Coach, mentor, support, and care for the team in a way that enables long-term career development, happiness, and success at scale.
• Collaborate with software and production engineering teams to develop scalable and flexible solutions for everything from low-level actors to nation state actors.

Minimum Qualifications:

• Knowledge of operating systems, file systems, and memory on Windows, MacOS, or Linux
• Experience with an interpreted programming language (PHP, Python, Perl, Ruby, etc.)
• Experience with attacker tactics, techniques and procedures
• Experience leading and managing complex cross-functional programs
• Experience developing and delivering information on program status for senior leadership
• 10+ years of work experience in software or security engineering

Preferred Qualifications:

• Broad knowledge across the Security domain, as well as deep focus in one (or more) areas such as: Logs and events processing, Incident Management, and Detection and/or Response tool development
• Experience recruiting, building, and leading technical teams, including performance management
• Background in intrusion detection, security investigations, and incident response
• Experience “threat hunting”, i.e. using threat intel to proactively and iteratively investigate these potential risks and finding suspicious behavior in the network