Meta Security is looking for Security Engineer Interns with experience in threat modeling, TTP identification, and detection engineering. You’ll work alongside Security Analysts, Software Engineers and Offensive Security Engineers to identify critical assets, assess the top risks, and evaluate and detect potential internal and external attacks against Meta systems. You will be working across engineering teams supporting Production and Corporate systems to develop detection and response automation leveraging both industry-standard and custom detection and response platforms. You’ll generate detection ideas and implementations utilizing some of the world’s largest datasets and build on top of hyper-scale data pipelines.This internship, starting Summer 2026, offers a wealth of challenging and technically stimulating security problems. We encourage self-starters and passionate security enthusiasts to apply and contribute to our mission.Teams You May Join:Surface Coverage – Detection EngineeringInsider Trust – Detection Engineering

‍

Detection & Response Security Engineer, Intern Responsibilities

Work in cross-functional projects to improve our capabilities to effectively detect and respond to security incidents

Review security architecture of large-scale custom and commercial systems and independently propose logging, detection and prevention controls

Perform TTP-based Threat Modeling for a wide variety of assets including endpoints, mobile, servers, internal services, public & private cloud environments and networking equipment

Perform analysis against logs from a variety of sources (e.g., individual host logs, network traffic logs) to identify potential threats and detection ideas

Build response workflows and actions that auto-resolve false positives and provide context scaling our ability to investigate

Support security incident response in a cross-functional environment and drive incident resolution for internal and external threats

Design and implement attack testing automation to validate detection coverage

Build logging pipelines using our custom datasets and infrastructure

Track threat clusters posing threats to Meta’s infrastructure and employees

Improve the tooling of threat cluster tracking and intelligence data integration to existing systems and various intelligence feeds

‍

Minimum Qualifications

Must be in the process of obtaining a BS or MS in Computer Science or related field

Experience analyzing network and host-based security events

Knowledge of networking technologies, specifically TCP/IP and the related protocols

Knowledge of operating systems, file systems, and memory structures on Windows, MacOS and Linux

Coding/scripting experience in one or more general purpose languages

Experience with attacker tactics, techniques, and procedures

Must obtain work authorization in country of employment at the time of hire, and maintain ongoing work authorization during employment

Intent to return to full-time degree program after completion of the internship

‍

‍Preferred Qualifications

Experience in Detection & Response Engineering or similar Security Engineering role

Experience designing systems used for responding to external and/or insider threats

Experience building automations and integrations using SOIR platforms

Background in security-focused software engineering, designing large scale systems and data pipelines, or offensive security

Experience in threat hunting including leveraging intelligence data to proactively identify and iteratively investigates suspicious behavior across networks and systems

Experience with anomaly detection applicable to the insider threat detection space

Familiarity with campaign tracking techniques and skills to convert the tracking results to long term countermeasures

Familiarity with threat modeling framework, such as Diamond Model and/or MITRE ATT&CK framework

Experience with intelligence-driven threat hunting to spot suspicious activities and identify potential risks, and experience with building notebooks to automate such hunts

Broad knowledge across the Security domain, as well as deep focus in one (or more) areas such as Logs and events processing, Incident Management, Digital Forensics, Offensive Security Testing, Detection and/or Response tooling development

For those who live in or expect to work from California if hired for this position, please click here for additional information.

‍