As part of Meta Security, our Insider Trust team is focused on identifying and responding to insider threats to data. The team's mission is to identify malicious use of otherwise legitimate access to data from people inside the company and respond to it before damage is done. We investigate across a broad spectrum of abuse including abuse of user data, intellectual property, and leaks of sensitive information. We collaborate with software engineering teams to build advanced detection capabilities and understand how abuse happens so that we can stay ahead of those who are interested in misusing their access. The Insider Trust team is looking for a highly motivated Security Engineer to build and improve internal tools and systems to detect malicious activities related to insider threats. Candidates are expected to analyze and monitor internal tools, hunt for insider threats against company data and infrastructure, and and have the ability to carry out complex internal investigations from collection to reporting. As part of the role, this person will work side by side with our engineering teams to build advanced detection solutions to help keep systems and information safe, and partner closely with our Human Resources and Legal teams to carry out complex investigations. We are looking for people that have a strong technical background, experience with computer forensics, data analytics, system and network administration, and the ability to build tools and/or automate tasks. Security Engineer, Insider Trust Responsibilities:

• Lead cross-functional projects to improve our capabilities to effectively detect and respond to internal threats and security incidents
• Leverage threat modeling and analysis to build event and/or behavioral based detections to protect our critical assets and infrastructure
• Perform analysis of logs from a variety of sources (e.g., individual host logs, network traffic logs) to identify potential insider threats
• Build operational workflows and actions that auto-resolve false positives and provide context scaling our ability to investigate
• Identify gaps in our infrastructure, and work with software engineers, product managers, and business partners to gain visibility through logging and detection
• Perform live response, digital forensics, and analysis of a wide variety of assets including endpoints, mobile, servers and networking equipment
• Conduct insider trust investigations in a cross-functional environment and drive incident resolution

Minimum Qualifications:

• 3+ years experience in an incident response and/or detection engineering role
• 3+ years programming experience with at least one of the following languages: Python, Python, PHP, and/or C++.
• 2+ years experience writing detection rules using anomaly based methods

Preferred Qualifications:

• Master's degree in Computer Science/Engineering
• Networking and system administration experience of server (Linux, Windows) and client (Windows, macOS, Linux) operating systems
• Familiarity with multiple forensic tools (e.g. SIFT Workstation, Sleuthkit, F-Response Enterprise, EnCase, FTK, Cellebrite, X-Ways, Volatility, or open source tools) to perform analysis and/or memory collection

About Meta: Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology. People who choose to build their careers by building with us at Meta help shape a future that will take us beyond what digital connection makes possible today—beyond the constraints of screens, the limits of distance, and even the rules of physics. Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.