Product Security Engineer, Web

About the position

Meta's Product Security team is seeking a security engineer with demonstrated experience revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses. Your skills will be the foundation of security initiatives that protect the security and privacy of over two billion people. You will be relied upon to provide engineering and product teams with the web, mobile, or native-code security expertise necessary to make product decisions. Come help us make life hard for the bad guys.

Responsibilities

• Security Reviews: perform manual design and implementation reviews of products and services that make up the Meta ecosystem, like Instagram, WhatsApp, Oculus, Portal, and more
• Developer Guidance: provide guidance and education to developers that help prevent the authoring of vulnerabilities
• Automated Analysis and Secure Frameworks: build automation (static and dynamic analysis) and frameworks with software engineers that enable Meta to scale consistently across all of our products

Requirements

• BS or MS in Computer Science or a related field, or equivalent experience
• 5+ years of experience finding vulnerabilities in interpreted languages
• Knowledge of best practice secure code development
• Experience with exploiting common security vulnerabilities
• Knowledge of common exploit mitigations and how they work
• Coding and scripting experience in one or more general purpose languages
• 5+ years of experience finding vulnerabilities in web-based code (PHP, Python, JavaScript, Ruby)
• Experience creating software that enables security processes
• Contributions to the security community (public research, blogging, presentations, bug bounty)