Security Engineer, IR Threat Intelligence

Meta Security is looking for a Threat Intelligence investigator with extensive experience in investigating cyber threats with an intelligence-driven approach. You will be proactively responding to a diverse set of security threats, as well as tracking actor groups with an interest or capability to target Meta, its infrastructure and its employees. You will also be identifying the gaps in current detections and preventions by long-term intelligence tracking and research, and working with cross-functional stakeholders to improve Meta’s security posture. Lastly, you will be developing and improving the custom tooling and systems used by the team.Security Engineer, IR Threat Intelligence Responsibilities:

• Track threat clusters posing threats to Meta’s infrastructure and employees, and identify, develop and implement countermeasures on our corporate and production environments
• Investigate, mitigate, and forecast emerging technical trends and communicate effectively with actionable suggestions to different types of audiences
• Work closely with the security operations team and incident responders to provide useful and timely intelligence to enrich ongoing investigations
• Participate in our detection & response oncall rotation which carries the responsibility for alert qualification, remediation, and long term prevention
• Improve the tooling of threat cluster tracking and intelligence data integration to existing systems and various threat intelligence feeds
• Engage constructively in cross-functional projects to improve the security posture of Meta’s infrastructure, with teams such as Red Team Operations, Detection Engineering, Vulnerability Management

Minimum Qualifications:

• 5+ years of experience in Threat Intelligence, Detection & Response or similar Security Engineering role
• Familiarity with campaign tracking techniques and ability to convert the tracking results to long term countermeasures
• Familiarity with threat modeling framework, such as Diamond Model and/or MITRE ATT&CK framework
• Experience with intelligence-driven threat hunting to spot suspicious activities and identify potential risks, and experience with building notebooks to automate such hunts
• Coding or scripting experience in one or more scripting languages such as Python or PHP
• Proven track record of managing and executing on short term and long term projects
• Ability to work with a team spanning multiple locations/time zones
• Ability to prioritize and execute tasks with minimal direction or oversight
• Ability to think critically and qualify assessments with solid communications skills

Preferred Qualifications:

• Experience with closely collaborating with incident responders on large-scale incident investigations
• Familiarity with malware analysis techniques and ability to perform analysis against logs from a variety of sources (e.g., individual host logs, network traffic logs) to identify potential threats
• Production of file-based or network-based rules and signatures for detection and tracking of complex threats, such as YARA or Snort
• Experience in one or more query languages such as SQL
• Experience writing production code for threat intelligence tooling and threat intelligence feeds
• Experience conducting large scale data analysis with notebooks and other data analysis tools
• Experience working across the broader security community

About Meta:Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology. People who choose to build their careers by building with us at Meta help shape a future that will take us beyond what digital connection makes possible today—beyond the constraints of screens, the limits of distance, and even the rules of physics.