Product Security Engineer - Web

Product Security Engineer - Web at Meta

Meta's Product Security team is seeking a hacker who derives purpose in life by revealing potential weaknesses and then crafting creative solutions to eliminate those weaknesses. Your skills will be the foundation of security initiatives that protect the security and privacy of over two billion people. You will be relied upon to provide engineering and product teams with the web, mobile, or native-code security expertise necessary to make confident product decisions. Come help us make life hard for the bad guys.

Responsibilities:

• Security Reviews: perform manual design and implementation reviews of products and services that make up the Meta ecosystem, like Instagram, WhatsApp, Oculus, Portal, and more
• Developer Guidance: provide guidance and education to developers that help prevent the authoring of vulnerabilities
• Automated Analysis and Secure Frameworks: build automation (static and dynamic analysis) and frameworks with software engineers that enable Meta to scale consistently across all of our products

Minimum Qualifications:

• BS or MS in Computer Science or a related field, or equivalent experience
• 2+ years of experience finding vulnerabilities in interpreted languages. Knowledge of best practice secure code development
• Experience with exploiting common security vulnerabilities
• Knowledge of common exploit mitigations and how they work
• Coding and scripting experience in one or more general purpose languages

Preferred Qualifications:

• 2+ years of experience finding vulnerabilities in NodeJS, PHP or other web technologies
• Contributions to the security community (public research, blogging, presentations, bug bounty)
• Experience creating software that enables security processes

About Meta:

Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology. People who choose to build their careers by building with us at Meta help shape a future that will take us beyond what digital connection makes possible today—beyond the constraints of screens, the limits of distance, and even the rules of physics.

Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law.

Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@meta.com.

The compensation for this role ranges from $122,000/year to $181,000/year + bonus + equity + benefits. Individual compensation is determined by skills, qualifications, experience, and location. Compensation details listed in this posting reflect the base hourly rate, monthly rate, or annual salary only, and do not include bonus, equity or sales incentives, if applicable. In addition to base compensation, Meta offers benefits. Learn more about benefits at Meta.

Key skills/competency

• Product Security
• Web Security
• Vulnerability Research
• Static Analysis
• Dynamic Analysis
• Secure Frameworks
• NodeJS
• PHP
• Exploit Mitigation
• Manual Reviews