Security Engineer Intern, IR Threat Intelligence

Requirements

Currently enrolled in a full-time, degree-seeking program and in the process of obtaining a Bachelors or Masters degree in computer science or a related field
Experience analyzing network and host-based security events
Knowledge of networking technologies, specifically TCP/IP and the related protocols
Knowledge of operating systems, file systems, and memory structures on Windows, MacOS and Linux
Coding/scripting experience in one or more general purpose languages
Experience with attacker tactics, techniques, and procedures
Must obtain work authorization in country of employment at the time of hire, and maintain ongoing work authorization during employment
Intent to return to full-time degree program after completion of the internship
Experience in Detection & Response Engineering or similar Security Engineering role
Experience designing systems used for responding to external and/or insider threats
Experience building automations and integrations using SOAR platforms
Background in security-focused software engineering, designing large scale systems and data pipelines, or offensive security
Experience in threat hunting including leveraging intelligence data to proactively identify and iteratively investigates suspicious behavior across networks and systems
Experience with anomaly detection applicable to the insider threat detection space
Familiarity with campaign tracking techniques and skills to convert the tracking results to long term countermeasures
Familiarity with threat modeling framework, such as Diamond Model and/or MITRE ATT&CK framework
Experience with intelligence-driven threat hunting to spot suspicious activities and identify potential risks, and experience with building notebooks to automate such hunts
Broad knowledge across the Security domain, as well as deep focus in one (or more) areas such as Logs and events processing, Incident Management, Digital Forensics, Offensive Security Testing, Detection and/or Response tooling development

Responsibilities

Work in cross-functional projects to improve our capabilities to effectively detect and respond to security incidents
Review security architecture of large-scale custom and commercial systems and independently propose logging, detection and prevention controls
Perform TTP-based Threat Modeling for a wide variety of assets including endpoints, mobile, servers, internal services, public & private cloud environments and networking equipment
Perform analysis against logs from a variety of sources (e.g., individual host logs, network traffic logs) to identify potential threats and detection ideas
Build response workflows and actions that auto-resolve false positives and provide context scaling our ability to investigate
Support security incident response in a cross-functional environment and drive incident resolution for internal and external threats
Design and implement attack testing automation to validate detection coverage
Build logging pipelines using our custom datasets and infrastructure
Track threat clusters posing threats to Meta’s infrastructure and employees
Improve the tooling of threat cluster tracking and intelligence data integration to existing systems and various intelligence feeds

FAQs

What is the job title for this internship?

The job title is Security Engineer Intern, IR Threat Intelligence.

What qualifications do I need to apply for this internship?

You need to be currently enrolled in a full-time, degree-seeking program and in the process of obtaining a Bachelor's or Master's degree in computer science or a related field.

Is prior experience required to apply for this internship?

While prior experience is preferred, the minimum qualifications include experience analyzing network and host-based security events and knowledge of networking technologies, operating systems, and coding/scripting.

What responsibilities will I have as a Security Engineer Intern?

Responsibilities include working on cross-functional projects to detect and respond to security incidents, performing TTP-based Threat Modeling, analyzing logs to identify threats, building response workflows, and tracking threat clusters.

Will I work alone or with a team?

You will work as part of a cross-functional team alongside Security Analysts, Software Engineers, and Offensive Security Engineers.

Are there opportunities to return to my degree program after the internship?

Yes, having the intent to return to a full-time degree program after the completion of the internship is a preferred qualification.

What kind of projects will I be involved in during the internship?

You will be involved in projects improving detection and response capabilities, analyzing security architecture, designing and implementing automation for attack testing, and building logging pipelines.

Does this internship require knowledge of the MITRE ATT&CK framework?

Yes, familiarity with the MITRE ATT&CK framework is listed as one of the preferred qualifications.

What technical skills are emphasized in this role?

Key skills include network and host-based security event analysis, knowledge of TCP/IP protocols, coding/scripting experience, and understanding attacker tactics, techniques, and procedures.

What benefits does Meta offer to its employees?

Meta offers a range of benefits, including but not limited to compensation, which is determined by skills and qualifications, as well as other perks associated with employment.

Where will I be working during this internship?

You will be working across engineering teams supporting Production and Corporate systems at Meta's facilities, following a hybrid work model where applicable.