Offensive Security Pentest Engineer
- Menlo Park, CA
Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities - we're just getting started.
Facebook's Security team is looking for an Offensive Security Pentest Engineer that can deliver technical expertise for our offensive security Penetration Testing team and execute tactical, offensive assessments across our environments. This individual should have extensive experience across the attack lifecycle and a demonstrated capacity to lead, design, and execute a penetration test against various technologies and stacks. Candidates are expected to scope, prepare and deliver technology-oriented assessments that positively benefit the overall security posture of the organization. This role requires a desire to help drive fixes after testing cycles, both as short term mitigations and long term improvements.
- Conduct penetration tests focused on both the unique systems and technologies used at Facebook, as well as approved third party software and vendors
- Help in the building of tooling to automate portions of pentests, scoping or other offensive security work, and use this model to inform and drive our assessments, as well as assist other teams with Facebook security efforts
- Design, scope, and lead deep technical assessments on internal and external facing systems
- Perform research to identify new ways of achieving your mission
- Work with vulnerability management, production security and other security programs to align remediation efforts and best protect the company from known threats
- Experience performing internal and external assessments
- Experience in leading a team during penetration tests
- Knowledge of server (Linux, Windows) and client (Windows, OS X, Linux) operating systems
- Knowledge and understanding of attack surfaces for enterprise systems and services
- Experience in at least one of PHP/Hack, Python, C/C++, Go or Java
- Experience working in cross-functional programs
- Experience translating technical concepts into language that is understood to audiences including software engineers, business and technical leaders
- 5+ years of experience practicing application security assessments and penetration tests
- Experience performing and leading whitebox and blackbox style assessments
- Experience with complex, multi-stage, multi-person pentests for new internal customers or external vendors
- Networking knowledge, including network virtualization technologies and ideally IPv6
Facebook is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Facebook is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at firstname.lastname@example.org.
Back to top