Experience Inc. Jobs

Job Information

Facebook Security Assessment Analyst in Menlo Park, California


Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities - we're just getting started.


Facebook is seeking an experienced Information Security Assessment Analyst to join the Information Security team. This position will be responsible for conducting security risk assessments against first-party/internal information systems and applications, making reasonable and defensible recommendations, and tracking progress on remediation until closure. An ideal candidate is someone who has technical knowledge of the broad aspects of information security and is able to identify security deficiencies not based on any frameworks or guidelines, but based on the actual risk posed to Facebook and its users. This is not a 'check the box' or 'apply compliance standards' position. This role requires a broad mix of technical and business acumen coupled with polished communication and a strong desire to learn. Some travel may be required.

Required Skills:

  1. Independently perform risk-based security reviews of Facebook internal systems, applications, and third party integrations

  2. Articulate security findings to a variety of internal stakeholders, including both technical and non-technical stakeholders

  3. Provide defensible recommendations on technical, physical and administrative control implementations based on assessment findings while balancing the cost versus benefits

  4. Negotiate acceptance of remediation plans and timelines based on level of risk associated with a finding

  5. Responsible for third party security, vendor access and incident management

  6. Participate in the development and oversight of corrective actions relating to security issues

  7. Compile and report out security risk and operational metrics

  8. Participate in cross-functional, team, and status review meetings

  9. Recommend process improvement and strategic initiatives as related to security assessment

  10. Have driven or been engaged in security audits for external vendors or customers

Minimum Qualifications:

  1. 3+ years experience assessing security deficiencies in first-party/internal information systems and recommending mitigating controls

  2. 3+ years experience performing information security risk assessments and management activities

  3. 5+ years of experience working on Information Security teams or conducting Information Security consulting engagements

  4. 3+ years experience evaluating systems architectural designs, data-flow diagrams and technical security implementations, particularly for systems hosted on cloud platforms, for security deficiencies

Preferred Qualifications:

  1. In-depth knowledge of security assessment lifecycle

  2. Knowledge of security technologies, devices and countermeasures as well as the threats they are designed to counter

  3. Good understanding of the various hacking techniques, the kill chain, and the defensive countermeasures

  4. Knowledge and understanding of security controls across all security domains such as access management, encryption, vulnerability management, authentication and authorization, network security (IPS/IDS/DLP/Gen-2 firewalls/2FA, etc.), physical security, etc.

  5. Knowledge of Risk management frameworks and techniques

  6. Experience with developing security reporting and recommendations that are meaningful, defensible and actionable for a variety of audiences

  7. Program and project management skills

  8. Knowledge of Threat modeling techniques

  9. Good understanding of IP networking, fundamental software development, cloud platforms (IaaS, PaaS, SaaS) and the current IT trends in the industry

  10. CISSP certification

  11. Experience with one or more programming languages and exposure to the software development lifecycle

  12. Good grasp of NIST, PCI, ISO, and SOC security guidance and documents

  13. Bachelor's Degree and/or advanced degree with a concentration in one of the following: Computer Science, Management Information Systems, or Cyber Security

  14. Strong analytical and problem-solving skills, including a basic understanding of data analysis techniques

Industry: Internet

Equal Opportunity: Facebook is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Facebook is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.