Security Engineer Investigator, Account Threats

Security Engineer Investigator, Account Threats
Location pin icon
London, UK
The Account Threats team is dedicated to protecting the users of Meta’s family of applications (e.g. Facebook, Instagram, WhatsApp, Oculus) from the worst kinds of account security issues we experience. You will have the opportunity to work on some of the most challenging, complicated, and high-visibility security risks the company is facing through an account security lens. The impact of your work will be substantial, as outcomes could affect the billions of people who use our products. We are seeking an experienced security engineer to proactively detect and analyze root causes of account security abuses, reverse engineer novel malware or other malicious software, investigate complex threats to our business and our users, advance investigative methods, conduct data-driven decision making, and use innovative approaches to protect people from harm. The candidate must have a strong cybersecurity or cyber threat intelligence background and know how to apply it to proactively hunt for threats, be able to use code to automate investigative actions, and be proficient in scripting languages, such as PHP or Python. The ideal candidate will be an innovative self-starter, who is motivated by our mission, is results-driven, a strategic thinker, and will be able to extract, assimilate, and correlate a wide variety of data in order to surface and disrupt account security abuses.
Security Engineer Investigator, Account Threats Responsibilities
  • Proactively hunt for threats and undetected abuse by leveraging internal data, open source intelligence, and third-party private intelligence.
  • Investigate complex account security abuses to understand in granular detail how abuse is occurring. Identify and implement appropriate detection or prevention strategies to mitigate harm both in the current case and from similar forward-looking abuse.
  • Understand the application of tactics, techniques, and procedures, as well as tooling, that actors use across various attack surfaces.
  • Reverse engineer malware and other potentially malicious software interacting with Meta platforms or users to derive behaviors indicative of abusive interactions with our platforms.
  • Write signatures (e.g. file, network) to detect, hunt, and prevent malware compromise.
  • Lead technical investigations from start-to-finish, to include effectively communicating actionable results, analytic judgments, and mitigations to different audience types across cross-functional settings.
  • Self-directed identification of trends in adversary behavior, and proactive surfacing of risks that may represent previously unidentified or novel vectors for harm. Deeply understand how abuse manifests and clearly explain emerging threats and trends, with an emphasis on security understanding.
  • Analyze and interpret complex, high volume, and high dimensionality data from varying sources to advance investigations, quantify trends, or support findings.
  • Take a leadership role in suggesting, prototyping, and teaching novel investigative techniques.
  • Partner with other cross-functional teams to identify, influence, and implement holistic solutions to surfacing and responding to emerging threats.
  • Manage multiple projects at once while effectively prioritizing time, based on team priorities.
  • Automate the everyday tasks and actions conducted during investigations and team processes.
Minimum Qualifications
  • 5+ years work experience in a cyber security, security investigations, or cyber threat intelligence investigations role.
  • Adept at writing queries to analyze and interpret large datasets to advance investigations, quantify trends or support findings.
  • Experience investigating and acting on high-impact threats such as account compromise, account creation abuse, business compromise, or malware analysis.
  • Proficiency in reverse engineering and familiarity with Android or Windows reverse engineering tools (e.g. JEB, IDAPro, or Ghidra), to include familiarity with machine code in at least one of the preferred architectures (x86/64, ARM/AArch64).
  • Proficiency in static and dynamic analysis of malicious software to understand behaviors and intent of the malicious software. Experience should include leveraging results to create malware detection rules (e.g. Yara) and hunting for malware.
  • Proficiency working with Python, PHP, or similar scripting languages.
  • Experience thinking critically and qualifying assessments with solid communications skills in a cross-functional setting to influence decision makers across all levels of technical background.
  • Experience identifying effective strategies to prevent or disrupt abuse at scale. Consult on the design of countermeasures to affect those strategies.
Preferred Qualifications
  • Experience working with a team spanning multiple locations/time zones.
  • Proficiency in detecting and mitigating account abuse for a Web-based service, to include experience with authentication attacks, account generation abuse, bot detection, evasion detection, and/or browser fingerprint analysis.
  • 3+ years of red or purple teaming exposure.
  • Deep technical and data analysis ability to analyze custom protocols to understand and expose adversarial behaviors.
  • Experience with sizing abuses / threats to a Web-based service.
  • Experience understanding tactics, techniques, and procedures (TTPs) and actor intent, including extracting this from malware.
  • Experience in scoping, communicating, and leveraging cyber threat intelligence to proactively detect, measure, or prevent abuse.
  • Experiencing tracking highest priority malware campaigns.
  • Expertise with multiple malware file formats.
  • Experience using SQL for data analytics and processing large data sets.
  • Demonstrated passion for understanding the intersection of global security risks, and how they apply to social media.
  • Experience with open source investigation techniques and familiarity with a variety of internet research tools.
  • BS/MS or equivalent experience in Computer Science, Information Systems, Intelligence Studies, Cybersecurity or related field.
  • Experience working across or contributing to the broader security community (public research, blogging, presentations, open source contributions, etc.)
About Meta
Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology. People who choose to build their careers by building with us at Meta help shape a future that will take us beyond what digital connection makes possible today—beyond the constraints of screens, the limits of distance, and even the rules of physics.
Meta is committed to providing reasonable support (called accommodations) in our recruiting processes for candidates with disabilities, long term conditions, mental health conditions or sincerely held religious beliefs, or who are neurodivergent or require pregnancy-related support. If you need support, please reach out to
Related Job Openings
Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. You may view our Equal Employment Opportunity notice here. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. We may use your information to maintain the safety and security of Meta, its employees, and others as required or permitted by law. You may view Meta Pay Transparency Policy, Equal Employment Opportunity is the Law notice, and Notice to Applicants for Employment and Employees by clicking on their corresponding links. Additionally, Meta participates in the E-Verify program in certain locations, as required by law.

Meta is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at
Let us know you're interested.
Share your resume or LinkedIn profile with our recruiting team and create personalized job alerts.