Security Engineer, Threat Detection and Response - Blockchain Facebook
Washington, DC

Job Description

At Facebook, we have established a new team exploring different ways to leverage blockchain technology to improve the lives of people around the world. It's a small, fast-growing, and talented group of people and our experienced leadership team comprised of some of the best professionals in their respective fields. The blockchain team is a startup within Facebook and we're exploring lots of areas of interest across all facets of blockchain technology. Our ultimate goal is to help billions of people with access to things they don't have now - that could be things like healthcare, equitable financial services, or new ways to save or share information.

Our team is looking for a Threat Detection and Response Engineer with experience in the discovery, containment, and mitigation of threats to networks and hosts. You will be responding to threats, building advanced and novel detection mechanisms, performing hunts for sophisticated and unknown malware, and developing systems to automate remediation. We are looking for people that enjoy hunting for malicious activity and intrusions and then developing new signatures or methodologies to detect their activity.

RESPONSIBILITIES

* Hunt for badness in our infrastructure: proactively identify malicious activity that we are not currently able to detect



Analyze logs, packets, and alerts for signs of malicious activity

Create signatures and tools to analyze and detect malicious activity

Build automation for response and remediation of malicious activity

Support incident response by investigating security intrusions

Drive implementation of countermeasures, mitigations, and containment

MINIMUM QUALIFICATIONS

* Bachelors degree or equivalent experience in Security



Knowledge of networking technologies, specifically TCP/IP and the related protocols

Knowledge of operating systems, file systems, and memory on Windows, MacOS, or Linux

Coding/scripting experience in one or more general purpose languages

Experience with attacker tactics, techniques, and procedures

PREFERRED QUALIFICATIONS

* Background in malware analysis, intrusion detection, and/or threat intelligence



Experience with rule-driven and analysis-driven network platforms like Bro and Suricata

Experience hunting, i.e. using threat intel to proactively and iteratively investigates these potential risks and finding suspicious behavior in the network

Experience in host and memory forensics (including live response) for Windows, OSX, and/or Linux

Knowledge across the Security domain, as well as deep focus in one (or more) areas such as:

* Host and memory forensics



Network forensics

Incident Management

Detection and/or response tool development

Facebook is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at accommodations-ext@fb.com.