Security Engineer, Identity and Access Management (IAM)

Meta's security team is the central engine driving data and systems security at the company, supporting Meta and all of its family of apps. The security organization is responsible for inhibiting malicious actors from compromising our environment, preventing, detecting and responding to them before they do damage if they do, ensuring we are maintaining the protections we say we will, and engaging with the community to help those outside the company learn from the work we do. We work across all parts of the company, from the corporate infrastructure to production to external services, interfacing with nearly every team in the company.The Security Engineer should have prior experience with security policy, risk, and access management disciplines and be experienced in collaborating with cross-functional teams. This position will be responsible for identifying and enforcing solutions to control access to internal systems. An ideal candidate is someone that has technical knowledge of the broad aspects of information security, and is able to identify deficiencies in the access management space. This role specifically needs conceptual understanding of the IAM concepts that can be applied to our internal IAM solutions. This role requires a broad mix of security, technical, coding and communication skills coupled with a desire to learn.

• Directly contribute to experiments, including designing experimental details, authoring reusable code, running evaluations, and organizing results
• Contribute to publications and open-sourcing efforts
• Work with a large team
• Prioritize research that can be applied to Meta's product development
• Mentor other team members. Play a significant role in healthy cross-functional collaboration

• Experience in building products in Python/C++/ PHP/Hacklang/React technologies
• Bachelors degree in Computer Science related field, or equivalent experience
• Experience building large-scale distributed systems or similar experience
• 10+ years of software development experience
• Experience in assessing security deficiencies in first-party/internal information systems and recommending mitigating controls
• 3+ years of proven experience working on Information Security teams or conducting Information Security consulting engagements
• Knowledge of evaluating systems architectural designs, data-flow diagrams and technical security implementations, particularly in context of access management in different geographical locations
• Experience with developing security reporting and recommendations that are meaningful, defensible and actionable for a variety of audiences
• Skills to manage competing priorities and simultaneous projects in a time-sensitive and productive environment with little supervision
• Experience in communicating effectively with a broad range of stakeholders, collaborators and clients, at different levels

• Highly experience in analytical and problem-solving skills, including a basic understanding of data analysis techniques
• Good grasp of SOX, SOC2, NIST, PCI, ISO, and other security regulations
• Experience in the IAM domain in a cloud based infrastructure environment
• Program and project management skills