Detection & Response Security Engineer, Intern

Requirements

• Currently has, or is in the process, of obtaining a Bachelor's degree or equivalent experience in Computer Science or related field
• Experience analyzing network and host-based security events
• Knowledge of networking technologies, specifically TCP/IP and the related protocols
• Knowledge of operating systems, file systems, and memory structures on Windows, MacOS and Linux
• Coding/scripting experience in one or more general purpose languages
• Experience with attacker tactics, techniques, and procedures
• Must obtain work authorization in country of employment at the time of hire, and maintain ongoing work authorization during employment
• Intent to return to full-time degree program after completion of the internship

Nice to Haves

• Experience in Detection & Response Engineering or similar Security Engineering role
• Experience designing systems used for responding to external and/or insider threats
• Experience building automations and integrations using SOAR platforms
• Background in security-focused software engineering, designing large scale systems and data pipelines, or offensive security
• Experience in threat hunting including leveraging intelligence data to proactively identify and iteratively investigates suspicious behavior across networks and systems

What You'll Be Doing

• Triage security alerts and support incident response in a cross-functional environment, driving incident resolution for internal and external threats.
• Work on cross-functional projects to improve our capabilities to effectively detect and respond to security incidents.
• Analyze and hunt for attacker techniques (through log analysis from various sources such as host and network logs) to identify potential threats and detection ideas.
• Develop actions and workflows in our automation systems to improve the alert triage process (Python, SQL).
• Perform TTP-based Threat Modeling for a wide variety of assets including endpoints, mobile, servers, internal services, public & private cloud environments and networking equipment.
• Design and implement attack testing automation to validate detection coverage.
• Track threat clusters posing threats to Meta’s infrastructure and employees.
• Improve the tooling of threat cluster tracking and intelligence data integration to existing systems and various intelligence feeds.

Perks and Benefits

• This internship offers a wealth of challenging and technically stimulating security problems.
• Opportunity to work with industry-standard solutions as well as custom in-house tooling and datasets.
• Gain hands-on experience with tracking and responding to threats targeting Meta’s employees and infrastructure.
• Joining teams like Security Operations - Threat Intelligence and Security Operations - Incident Response.