Detection & Response Security Engineer, Threat Intelligence

Meta Security is looking for a threat intelligence investigator with extensive experience in investigating cyber threats with an intelligence‑driven approach. You will proactively respond to a broad set of security threats, track actor groups interested or capable of targeting Meta and its employees, identify gaps in current detections and preventions, and work with cross‑functional stakeholders to improve Meta’s security posture.

• Track threat clusters posing threats to Meta’s infrastructure and employees, and identify, develop and implement countermeasures on our corporate network.
• Investigate, mitigate, and forecast emerging technical trends and communicate effectively with actionable suggestions to different audiences.
• Work closely with incident responders to provide useful and timely intelligence to enrich ongoing investigations.
• Improve the tooling of threat cluster tracking and intelligence data integration to existing systems.
• Engage constructively in cross‑functional projects to improve the security posture of Meta’s infrastructure, such as red‑team operations, surface detection coverage expansion and vulnerability management discussions.

• 5+ years threat intelligence experience.
• Bachelor’s degree or equivalent experience in Security.
• Familiarity with campaign‑tracking techniques and converting the tracking results to long‑term countermeasures.
• Familiarity with threat‑modeling frameworks such as the Diamond Model or MITRE ATT&CK.
• Experience with intelligence‑driven hunting to spot suspicious activities in the network and identify potential risks.
• Proven track record of managing and executing short‑term and long‑term projects.
• Ability to work with a team spanning multiple locations/time zones.
• Ability to prioritize and execute tasks with minimal direction or oversight.
• Ability to think critically and qualify assessments with solid communication skills.
• Coding or scripting experience in one or more scripting languages such as Python or PHP.

• Experience close collaborating with incident responders on incident investigations.
• Familiarity with malware analysis or network traffic analysis.
• Familiarity with nation‑state, sophisticated criminal, or supply‑chain threats.
• Familiarity with file‑based or network‑based rules and signatures for detection and tracking of complex threats, such as YARA or Snort.
• Experience in one or more query languages such as SQL.
• Experience authoring production code for threat intelligence tooling.
• Experience conducting large‑scale data analysis.
• Experience working across the broader security community.

Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology.

Individual compensation is determined by skills, qualifications, experience, and location. Compensation details listed in this posting reflect the base hourly rate, monthly rate, or annual salary only, and do not include bonus, equity or sales incentives, if applicable. In addition to base compensation, Meta offers benefits. Learn more about benefits at Meta.

• Not Applicable

• Full‑time