Technical Security Analyst, Insider Threat

Facebook - Menlo Park, CA (30+ days ago)

Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities — we're just getting started.
Facebook's Security team is looking for a highly motivated Technical Security Analyst to analyze internal tools and detection systems to respond to suspicious activities related to insider threats. Candidates should have a strong technical background, experience with computer forensic and investigative tools, data analytics, system and network administration, and the ability to build or automate tasks and tools. This is a unique opportunity to protect the data and privacy of our company, employees, and community by detecting, investigating, and mitigating insider threats. As part of this role, this person will work closely with our Human Resources and Legal teams to carry out complex internal investigations.
Monitor detection systems and respond to alerts of anomalous or suspicious activity.
Build rules to detect malicious activity and defend against insider threats.
Conduct forensic investigations of laptops, servers, and mobile devices.
Use data analytics to guide detection and surface operational improvements.
Identify and consult on the design of countermeasures to mitigate insider threats.
Summarize and present information from investigations to cross-functional teams.
Bachelor's degree in Computer Science, Engineering, or equivalent.
2+ years of experience in computer forensic investigations or similar technical investigations.
Knowledge of forensic software (e.g. F-Response, EnCase, BlackLight, FTK, Sleuth Kit, Autopsy).
Knowledge of operating systems (Windows, macOS, Linux) and database tools (e.g. HBase, SQL, or similar).
Experience interpreting information from multiple sources and working with large data sets (data analytics).
Incident response, networking or system administration experience.
Certifications: EnCE, CISSP, GCFA/GCFE.
Cloud or SaaS forensics/investigations.
Open source intelligence collection.
Proficiency in multiple languages.
Experience with insider threat detection tools and advanced analytic methodologies.
Experience working collaboratively in stressful situations with a sense of urgency.