Detection & Response Security Engineer, Threat Intelligence

Meta Security is seeking a threat intelligence investigator with extensive experience in cyber threat investigation using an intelligence-driven approach. You will proactively respond to a broad range of security threats and track actor groups targeting Meta and its employees. Your role will involve identifying gaps in current detections and preventions through long-term intelligence tracking and research, and collaborating with cross-functional stakeholders to enhance Meta’s security posture.

Detection & Response Security Engineer, Threat Intelligence Responsibilities:

• Track threat clusters posing risks to Meta’s infrastructure and employees, and identify, develop, and implement countermeasures on our corporate network.
• Investigate, mitigate, and forecast emerging technical trends, communicating actionable suggestions effectively to diverse audiences.
• Collaborate closely with incident responders to provide timely and valuable intelligence for ongoing investigations.
• Enhance threat cluster tracking tools and intelligence data integration with existing systems.
• Engage constructively in cross-functional projects to improve Meta’s infrastructure security, including red team operations, expanding surface detection coverage, and vulnerability management discussions.

Minimum Qualifications:

• 5+ years of threat intelligence experience.
• Familiarity with campaign tracking techniques and converting tracking results into long-term countermeasures.
• Familiarity with threat modeling frameworks such as the Diamond Model and/or MITRE ATT&CK framework.
• Experience with intelligence-driven hunting to identify suspicious network activities and potential risks.
• Proven track record of managing and executing short-term and long-term projects.
• Ability to work effectively with a team spanning multiple locations and time zones.
• Ability to prioritize and execute tasks with minimal direction or oversight.
• Ability to think critically, qualify assessments, and communicate effectively.
• Coding or scripting experience in one or more languages such as Python or PHP.

Preferred Qualifications:

• Experience closely collaborating with incident responders on incident investigations.
• Familiarity with malware analysis or network traffic analysis.
• Familiarity with nation-state, sophisticated criminal, or supply chain threats.
• Familiarity with file-based or network-based rules and signatures for detecting and tracking complex threats, such as YARA or Snort.
• Experience in one or more query languages such as SQL.
• Experience authoring production code for threat intelligence tooling.
• Experience conducting large-scale data analysis.
• Experience working within the broader security community.

About Meta:

Meta builds technologies that help people connect, find communities, and grow businesses. Since Facebook's launch in 2004, it has transformed how people connect. Apps like Messenger, Instagram, and WhatsApp have further empowered billions worldwide. Meta is now advancing beyond 2D screens towards immersive experiences like augmented and virtual reality to shape the next evolution in social technology. Careers at Meta involve shaping a future that transcends digital connection possibilities—beyond screen constraints, distance limitations, and the laws of physics.

Individual compensation is determined by skills, qualifications, experience, and location. Compensation details listed in this posting reflect the base hourly rate, monthly rate, or annual salary only, and do not include bonus, equity, or sales incentives, if applicable. In addition to base compensation, Meta offers benefits. Learn more about benefits at Meta.