Community Threat Investigator

Facebook - Washington, DC

Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities — we're just getting started.

The Community Threat Intel Espionage team is dedicated to protecting the users of the Facebook family of applications (e.g. Facebook, Instagram, WhatsApp, Oculus) from advanced threat/nation-state actors. Our investigators must possess deep knowledge of advanced threat actors, including their tactics, techniques, and procedures, as well as an understanding of the overall threat landscape and geopolitical climate. Using this knowledge, we leverage a variety of data sources including internal data, open-source intelligence, and third-party private intelligence to detect and track adversary groups both on and off the Facebook platform. In order to be successful, our investigators must be able to extract, assimilate, and correlate a wide variety of data to not only track known activity but also to surface previously unidentified activity and develop novel and effective strategies to disrupt attackers.
We look for people who have a strong desire to solve complex problems and develop new solutions, often involving collaboration with different teams across the company. Necessary skills include competence with Python, SQL, and data science, as well as a background in producing threat intelligence products.
Identify and investigate online attackers with the interest and capability to target Facebook users
Track high-priority threats and identify, develop and implement countermeasures on our platform
Lead technical investigations from start to finish, including effectively communicating actionable results to different audience types
Engage constructively in cross-functional projects
Experience with Python or a similar scripting language
Experience with signatures for detection and/or mitigation (e.g. YARA, ClamAV, etc.)
Experience investigating and disrupting threats and online threat actors
Experience managing and executing on short-term and long-term projects
Experience prioritizing and executing with minimal direction or oversight
Familiarity with international geopolitics
Specific regional knowledge or expertise
Language skills
Experience conducting large-scale data analysis
Experience performing malware analysis and identification
Experience working across the broader security community
Facebook is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at