Meta's Privacy Infra External Data Misuses (EDM) Enforcement team ensures that user data is protected, and those trying to gain unauthorized access to it are identified, investigated, and all threats mitigated. EDM Enforcement assists the company to meet all internal standards for data management and protection. The team conducts investigations, involving technical analysis and OSINT attribution research, and works with stakeholders across the company to use all available resources to identify, mitigate, and prevent scraping of user data. Meta is looking for an investigator to join the EDM Enforcement team to lead, innovate, and take on the full range of scraping threats to the Meta family of apps. The position will be responsible for conducting end to end investigations on a large scope of actors seeking unauthorized access to user data, and working with a wide range of stakeholders across the company to drive the evolution of Meta's data policy, products, and enforcement options to identify, neutralize, and deter scraping on the platform. The role requires the candidate to have technical and OSINT experience, exposure to the adversarial space, and experience working with cross functional partners. The ideal candidate will work diligently on their own, empower their teammates, efficiently share knowledge, and translate technical and OSINT findings into actionable enforcement options. A mix of technical, leadership, business acumen coupled with polished communication and a strong desire to learn are key to success in this position.
Security Analyst, Anti Scraping Investigation Responsibilities:
Investigate complex cases using a variety of methodologies (on and off platform) to understand how abuse is occurring and attribute the person(s) responsible. Identify enforcement strategies to mitigate harm both in the current case and from similar forward-looking abuse. Document findings in detailed, concise, and comprehensive reports.
Engage cross-functionally with other analytic and investigative teams within the company to develop best practices for conducting investigations, training, and tracking and reporting on investigation trends to the team and supporting legal and technical enforcement actions against bad actors.
Manage multiple investigations at once while effectively prioritizing time.
Assist in the development of the long-term strategy in investigations to improve tactics, discoverability of threats, and enhance efficiencies.
Proactively look for currently undetected abuse by leveraging internal data, open-source intelligence, and third party private intelligence.
Drive and lead exploration of the scraping ecosystem, understand the scraping enabled business models, and the most significant risks and harms of scraping to users.
10+ years of investigative experience conducting technical and non-technical investigations of online threats and abuse
5+ years of SQL and relational databases experience
5+ years experience conducting OSINT and cyber attribution investigations
2+ years experience as technical lead or team lead in an adversarial and/or investigative space
Experience with, and exposure to, Linux/Unix environment, PHP, Python, Java, or other programming/scripting languages, TCP/IP protocol stack, and a variety of operating systems
Experience applying data analytics to security risk analysis and investigations
Experience drafting investigative reports, documenting evidence and technical findings, for a range of technical and non technical audiences. Experience working in cross-functional teams
Adversarial mindset and understanding how threat actors manifest on the internet
Attention to detail and experience creating work products suitable for executive-level review
Experience contributing to the security community (open source, academic research, industry research, blogs, presentations, etc.)
Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. You may view our Equal Employment Opportunity notice here. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. We may use your information to maintain the safety and security of Meta, its employees, and others as required or permitted by law. You may view Meta's Pay Transparency Policy, Equal Employment Opportunity is the Law notice, and Notice to Applicants for Employment and Employees by clicking on their corresponding links. Additionally, Meta participates in the E-Verify program in certain locations, as required by law