Privacy Engineer, Incident Investigations - Facebook

Intro:

Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities - we're just getting started.

Summary:

Privacy engineers investigate potential privacy incidents that span the entire family of products at Facebook providing technical fact gathering, root cause analysis, code auditing, and proposing and reviewing remediation from a privacy and security perspective. Learnings from incidents are applied to related systems at Facebook with the privacy engineer providing vital input to fundamental frameworks and underlying processes that drive our commitment to data privacy across our 2B+ users.

Required Skills:

1. Initial triage and fact identification: for every incident initial triage occurs to understand what has happened in order to assess the scope of impact. As part of triage, facts/evidence about the incident are uncovered.

2. Provide privacy-focused technical input for mitigation and remediation, uncover incident trends requiring further action, and participate in privacy review, implementation review and audit processes.

3. Review/understand what happened: all incidents will be reviewed to understand what happened and ensure that the root cause and contributing factors are identified and documented.

4. Identify incident trends and common root causes to ensure that frameworks and processes are put in place to eliminate entire classes of incidents.

Minimum Qualifications:

5. 2+ years industry experience in identifying, analyzing, scoping, containing and eradicating real-world threats.

6. 3+ years experience in developing, responding and analyzing technical security incident response for application and/or infrastructure breaches.

7. 2+ years work experience in a role coding in Python, PHP, Java, C/C++ (or equivalent language) including code maintenance and review.

Preferred Qualifications:

8. Experience contributing to the security community (public research, blogging, presentations, etc.).

9. Experience within a corporate environment communicating technical issues and their implications to other areas of the business.

10. B.S. or M.S. in Computer Science.

Industry: Internet