Detection & Response Security Engineer, Threat Intelligence

Detection & Response Security Engineer, Threat Intelligence at Meta

Meta Security is actively seeking a threat intelligence investigator with extensive experience in investigating cyber threats using an intelligence-driven methodology. In this role, you will be instrumental in proactively responding to a diverse array of security threats, diligently tracking actor groups with the intent or capability to target Meta and its employees. A critical part of your work will involve identifying gaps in current detection and prevention mechanisms through long-term intelligence tracking and thorough research. You will collaborate closely with cross-functional stakeholders to significantly enhance Meta’s overall security posture.

Responsibilities

• Track threat clusters that pose risks to Meta’s infrastructure and employees, and subsequently identify, develop, and implement effective countermeasures on our corporate network.
• Investigate, mitigate, and forecast emerging technical security trends, communicating actionable suggestions clearly to various audiences.
• Collaborate closely with incident responders, providing timely and useful intelligence to enrich ongoing investigations.
• Enhance threat cluster tracking tools and improve the integration of intelligence data into existing systems.
• Engage constructively in cross-functional projects aimed at strengthening Meta’s infrastructure security posture, including red team operations, expanding surface detection coverage, and contributing to vulnerability management discussions.

Minimum Qualifications

• 5+ years of dedicated threat intelligence experience.
• Bachelor's degree or equivalent practical experience in Security.
• Familiarity with campaign tracking techniques and the ability to convert tracking results into long-term countermeasures.
• Familiarity with threat modeling frameworks, such as the Diamond Model and/or MITRE ATT&CK framework.
• Proven experience with intelligence-driven hunting to identify suspicious network activities and potential risks.
• Demonstrated ability to manage and execute both short-term and long-term projects effectively.
• Ability to thrive in a team environment spanning multiple locations/time zones.
• Capacity to prioritize and execute tasks with minimal direction or oversight.
• Strong critical thinking skills and the ability to qualify assessments with solid communication.
• Proficiency in coding or scripting using one or more languages such as Python or PHP.

Preferred Qualifications

• Experience collaborating closely with incident responders on incident investigations.
• Familiarity with malware analysis or network traffic analysis.
• Familiarity with nation-state, sophisticated criminal, or supply chain threats.
• Familiarity with file-based or network-based rules and signatures for detecting and tracking complex threats, such as YARA or Snort.
• Experience with one or more query languages, such as SQL.
• Experience authoring production-grade code for threat intelligence tooling.
• Experience conducting large-scale data analysis.
• Experience working across the broader security community.

Key skills/competency

• Threat Intelligence
• Cybersecurity
• Incident Response
• Threat Hunting
• MITRE ATT&CK
• Python/PHP Scripting
• Malware Analysis
• Network Security
• Vulnerability Management
• Data Analysis