Facebook&#**Apply on the website**;s mission is to give people the
power to build community and bring the world closer together. Through
our family of apps and services, we&#**Apply on the website**;re
building a different kind of company that connects billions of people
around the world, gives them ways to share what matters most to them,
and helps bring people closer together. Whether we&#**Apply on the
website**;re creating new products or helping a small business expand
its reach, people at Facebook are builders at heart. Our global teams
are constantly iterating, solving problems, and working together to
empower people around the world to build community and connect in
meaningful ways. Together, we can help people build stronger
communities - we&#**Apply on the website**;re just getting started.
Facebook is seeking an experienced Security Analyst to join the
Information Security team. This position will be responsible for
conducting security risk assessments against first-party/internal
information systems and applications, making reasonable and defensible
recommendations, and tracking progress on remediation until closure.
An ideal candidate is someone that has technical knowledge of the
broad aspects of information security, and is able to identify
security deficiencies not based on any frameworks or guidelines, but
based on the actual risk posed to Facebook and its users. This is not
a &#**Apply on the website**;check the box&#**Apply on the website**;
or &#**Apply on the website**;apply compliance standards&#**Apply on
the website**; position. This role requires a broad mix of technical
and business acumen coupled with polished communication and a strong
desire to learn.
* Independently perform risk-based security reviews of Facebook
internal systems, applications, and third party integrations
* Articulate security findings to internal to a variety of
stakeholders, including both technical and non-technical stakeholders
* Provide defensible recommendations on technical, physical and
administrative control implementations based on assessment findings
while balancing the cost versus benefits
* Negotiate acceptance of remediation plans and timelines based on
level of risk associated with a finding
* Responsible for third party security, vendor access and incident
management
* Participate in the development and oversight of corrective actions
relating to security issues
* Compile and report out security risk and operational metrics
* Participate in cross-functional, team, and status review meetings
* Recommend process improvement and strategic initiatives as related
to security assessment
* Have been driving or engaged in security audits for external
vendors or customers
* Experience in assessing security deficiencies in
first-party/internal information systems and recommending mitigating
controls
* 3+ years performing information security risk assessments and
management activities
* 5+ years of proven experience working on Information Security
teams or conducting Information Security consulting engagements
* In-depth knowledge of security assessment lifecycle
* Knowledge of evaluating systems architectural designs, data-flow
diagrams and technical security implementations, particularly for
systems hosted on the cloud platforms, for security deficiencies
* Knowledge of security technologies, devices and countermeasures as
well as the the threats they are designed to counter
* Good understanding of the various hacking techniques, the kill
chain, and the defensive countermeasures
* Knowledge and understanding of security controls across all
security domains such as access management, encryptions, vulnerability
management, authentication and authorization, network security
(IPS/IDS/DLP/Gen-2 firewalls/2FA, etc.), physical security, etc.
* Knowledge of Risk management frameworks and techniques
* Experience with developing security reporting and recommendations
that are meaningful, defensible and actionable for a variety of
audiences
* Ability to manage competing priorities and simultaneous projects
in a fast paced environment with little supervision
* Strong communication skills - both written and verbal,
interpersonal skills, and ability to work cross-functionally with
various teams
* Program and project management skills
* Knowledge of Threat modelling techniques
* Good understanding of IP networking, fundamental software
development, cloud platforms (IaaS, PaaS, SaaS) and the current IT
trends in the industry
* CISSP certification
* Experience with one or more programming languages and exposure to
the software development lifecycle
* Good grasp of NIST, PCI, ISO, and SOC security guidelines and
documents
* Bachelor&#**Apply on the website**;s Degree and/or advanced degree
with a concentration in one of the followings: Computer Science,
Management Information Systems, or Cyber Security
* Strong analytical and problem-solving skills, including a basic
understanding of data analysis techniques
Position: Security Analyst - Third Party Vendor Security (XRS)
Facebook&#**Apply on the website**;s mission is to give people the
power to build community and bring the world closer together. Through
our family of apps and services, we&#**Apply on the website**;re
building a different kind of company that connects billions of people
around the world, gives them ways to share what matters most to them,
and helps bring people closer together. Whether we&#**Apply on the
website**;re creating new products or helping a small business expand
its reach, people at Facebook are builders at heart. Our global teams
are constantly iterating, solving problems, and working together to
empower people around the world to build community and connect in
meaningful ways. Together, we can help people build stronger
communities - we&#**Apply on the website**;re just getting started.
Facebook is seeking an experienced Security Analyst to join the
Information Security team. This position will be responsible for
conducting security risk assessments against first-party/internal
information systems and applications, making reasonable and defensible
recommendations, and tracking progress on remediation until closure.
An ideal candidate is someone that has technical knowledge of the
broad aspects of information security, and is able to identify
security deficiencies not based on any frameworks or guidelines, but
based on the actual risk posed to Facebook and its users. This is not
a &#**Apply on the website**;check the box&#**Apply on the website**;
or &#**Apply on the website**;apply compliance standards&#**Apply on
the website**; position. This role requires a broad mix of technical
and business acumen coupled with polished communication and a strong
desire to learn.
* Independently perform risk-based security reviews of Facebook
internal systems, applications, and third party integrations
* Articulate security findings to internal to a variety of
stakeholders, including both technical and non-technical stakeholders
* Provide defensible recommendations on technical, physical and
administrative control implementations based on assessment findings
while balancing the cost versus benefits
* Negotiate acceptance of remediation plans and timelines based on
level of risk associated with a finding
* Responsible for third party security, vendor access and incident
management
* Participate in the development and oversight of corrective actions
relating to security issues
* Compile and report out security risk and operational metrics
* Participate in cross-functional, team, and status review meetings
* Recommend process improvement and strategic initiatives as related
to security assessment
* Have been driving or engaged in security audits for external
vendors or customers
* Experience in assessing security deficiencies in
first-party/internal information systems and recommending mitigating
controls
* 3+ years performing information security risk assessments and
management activities
* 5+ years of proven experience working on Information Security
teams or conducting Information Security consulting engagements
* In-depth knowledge of security assessment lifecycle
* Knowledge of evaluating systems architectural designs, data-flow
diagrams and technical security implementations, particularly for
systems hosted on the cloud platforms, for security deficiencies
* Knowledge of security technologies, devices and countermeasures as
well as the the threats they are designed to counter
* Good understanding of the various hacking techniques, the kill
chain, and the defensive countermeasures
* Knowledge and understanding of security controls across all
security domains such as access management, encryptions, vulnerability
management, authentication and authorization, network security
(IPS/IDS/DLP/Gen-2 firewalls/2FA, etc.), physical security, etc.
* Knowledge of Risk management frameworks and techniques
* Experience with developing security reporting and recommendations
that are meaningful, defensible and actionable for a variety of
audiences
* Ability to manage competing priorities and simultaneous projects
in a fast paced environment with little supervision
* Strong communication skills - both written and verbal,
interpersonal skills, and ability to work cross-functionally with
various teams
* Program and project management skills
* Knowledge of Threat modelling techniques
* Good understanding of IP networking, fundamental software
development, cloud platforms (IaaS, PaaS, SaaS) and the current IT
trends in the industry
* CISSP certification
* Experience with one or more programming languages and exposure to
the software development lifecycle
* Good grasp of NIST, PCI, ISO, and SOC security guidelines and
documents
* Bachelor&#**Apply on the website**;s Degree and/or advanced degree
with a concentration in one of the followings: Computer Science,
Management Information Systems, or Cyber Security
* Strong analytical and problem-solving skills, including a basic
understanding of data analysis techniques
We need : English (Good)
Type: Permanent
Payment:
Category: Others
