Security Assessment Analyst - Cyber Defense Professionals

Job Expired

Facebook is seeking an experienced Information Security Assessment Analyst to join the Information Security team. This position will be responsible for conducting security risk assessments against first-party/internal information systems and applications, making reasonable and defensible recommendations, and tracking progress on remediation until closure. An ideal candidate is someone that has technical knowledge of the broad aspects of information security, and is able to identify security deficiencies not based on any frameworks or guidelines, but based on the actual risk posed to Facebook and its users. This is not a ‘check the box’ or ‘apply compliance standards’ position. This role requires a broad mix of technical and business acumen coupled with polished communication and a strong desire to learn. Some travel may be required.

Security Assessment Analyst Responsibilities

Independently perform risk-based security reviews of Facebook internal systems, applications, and third party integrations

Articulate security findings to internal to a variety of stakeholders, including both technical and non-technical stakeholders

Provide defensible recommendations on technical, physical and administrative control implementations based on assessment findings while balancing the cost versus benefits

Negotiate acceptance of remediation plans and timelines based on level of risk associated with a finding

Responsible for third party security, vendor access and incident management

Participate in the development and oversight of corrective actions relating to security issues

Compile and report out security risk and operational metrics

Participate in cross-functional, team, and status review meetings

Recommend process improvement and strategic initiatives as related to security assessment

Have been driving or engaged in security audits for external vendors or customers

Minimum Qualifications

3+ years experience assessing security deficiencies in first-party/internal information systems and recommending mitigating controls

3+ years experience performing information security risk assessments and management activities

5+ years of experience working on Information Security teams or conducting Information Security consulting engagements

3+ years experience evaluating systems architectural designs, data-flow diagrams and technical security implementations, particularly for systems hosted on the cloud platforms, for security deficiencies

Preferred Qualifications

In-depth knowledge of security assessment lifecycle

Knowledge of security technologies, devices and countermeasures as well as the threats they are designed to counter

Good understanding of the various hacking techniques, the kill chain, and the defensive countermeasures

Knowledge and understanding of security controls across all security domains such as access management, encryptions, vulnerability management, authentication and authorization, network security (IPS/IDS/DLP/Gen-2 firewalls/2FA, etc.), physical security, etc.

Knowledge of Risk management frameworks and techniques

Experience with developing security reporting and recommendations that are meaningful, defensible and actionable for a variety of audiences

Program and project management skills

Knowledge of Threat modeling techniques

Good understanding of IP networking, fundamental software development, cloud platforms (IaaS, PaaS, SaaS) and the current IT trends in the industry

CISSP certification

Experience with one or more programming languages and exposure to the software development lifecycle

Good grasp of NIST, PCI, ISO, and SOC security guidances and documents

Bachelor’s Degree and/or advanced degree with a concentration in one of the followings: Computer Science, Management Information Systems, or Cyber Security

Strong analytical and problem-solving skills, including a basic understanding of data analysis techniques

About Meta

Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology. People who choose to build their careers by building with us at Meta help shape a future that will take us beyond what digital connection makes possible today—beyond the constraints of screens, the limits of distance, and even the rules of physics.

Meta is committed to providing reasonable support (called accommodations) in our recruiting processes for candidates with disabilities, long term conditions, mental health conditions or sincerely held religious beliefs, or who are neurodivergent or require pregnancy-related support. If you need support, please reach out to [email protected].