Product Security Engineer - Meta

Meta's Product Security team is seeking a passionate hacker who derives purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses. Your skills will be the foundation of security initiatives that protect the security and privacy of over two billion people. You will be relied upon to provide engineering and product teams with mobile security expertise necessary to make confident product decisions.As a Mobile Security Engineer at Meta, you will have the opportunity to explore a wide range of problem spaces working on multiple tech stacks across Android, iOS, and custom operating systems and hardware. You will engage directly with product teams to analyze application code and detect complex vulnerabilities, and assist them in mitigating these risks. You will develop frameworks and tools to perform automated detection of vulnerabilities and scale the impact of individuals. Come help us make life hard for the bad guys.

RESPONSIBILITIES

Product Security Engineer Responsibilities:

• Security Reviews: perform manual design and implementation reviews of products and services that make up the Meta ecosystem, like Instagram, WhatsApp, Oculus, Portal, and more.
• Developer Guidance: provide guidance and education to developers that help prevent the authoring of vulnerabilities.
• Automated Analysis and Secure Frameworks: build automation (static and dynamic analysis) and frameworks with software engineers that enable Meta to scale consistently across all of our products.

MINIMUM QUALIFICATIONS

Minimum Qualifications:

• B.S. or M.S. in Computer Science or related field, or equivalent experience
• 2+ years of experience finding vulnerabilities in mobile relevant languages (Java, Objective-C). Knowledge of best practice secure code development
• Experience with exploiting common security vulnerabilities

PREFERRED QUALIFICATIONS

Preferred Qualifications:

• Experience writing software that enables security processes
• Contributions to the security community (public research, blogging, presentations, bug bounty, etc.)