About Novi

Novi is a product group at Facebook focused on building products to ensure that everyone, everywhere has access to the world’s financial system to accelerate financial inclusion and economic empowerment. We're looking for a Security Engineer to work closely with Software Engineers, Security Engineers, Compliance, and Legal to support threat detection and response engineering at Novi. You will be responding to threats, building advanced and novel detection mechanisms, performing searches for sophisticated and previously unknown malware, and developing systems to automate remediation. You'll work with some of the brightest minds in the industry in a data driven culture, use cutting edge technology, and see your efforts affect products and people on a regular basis. You should have a passion for detecting malicious activity, responding to intrusions, and developing new signatures or methodologies to detect bad activity.

Responsibilities

• Search for gaps in our infrastructure: proactively identify malicious activity that we are not currently able to detect

• Analyze logs, packets, and alerts for signs of malicious activity

• Create signatures and tools to analyze and detect malicious activity

• Build automation for response and remediation of malicious activity

• Support incident response by investigating security intrusions

• Drive implementation of countermeasures, mitigations, and containment

Minimum Qualifications

• Bachelors degree in Computer Science or equivalent experience

• Experience in detection, response, or security engineering

• Experience designing and building out security monitoring to aid in detection or forensic investigations

• Coding/scripting experience in one or more general purpose languages

• Knowledge of networking technologies, specifically TCP/IP and the related protocols

• Knowledge of operating systems, file systems, and memory on MacOS, Linux or Windows

• Experience with attacker tactics, techniques and procedures

• Experience performing data analysis on large datasets

• Experience in SQL to support detection engineering and incident response

Preferred Qualifications

• Experience with rule-driven and analysis-driven network platforms like Bro and Suricata

• Experience hunting, i.e. using threat intel to proactively and iteratively investigates these potential risks and finding suspicious behavior in the network

• Experience with understanding insider threats and create detections and/or models from signals

• Background in malware analysis, intrusion detection, and/or threat intelligence