Facebook’s mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we’re building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we’re creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities — we’re just getting started.
Facebook’s Security team is looking for an Offensive Security Engineer that can deliver technical leadership for our offensive security team and execute tactical, offensive assessments across our environments. This individual should have extensive experience across the attack lifecycle and a demonstrated capacity to lead an offensive security team. Candidates are expected to scope, prepare and deliver goal-oriented assessments that positively benefit our prevention, detection and response capabilities. This role requires a desire to help drive fixes after testing cycles.
- Lead offensive capabilities for Facebook, including building out a long-term strategy and approach
- Develop the program and methodology that shapes how we approach this space
- Document and model our infrastructure from an attacker’s perspective
- Build tooling to automate this and use this model to inform and drive our assessments
- Perform scoped and open-ended assessments on internal and external facing systems
- Perform research to identify new ways of achieving your mission, with an emphasis of open-sourcing wherever possible
- Experience performing internal and external assessments
- Experience in tailored reconnaissance, weaponization, exploitation and lateral movement
- Experience in scripting and coding
- Networking knowledge, including network virtualization technologies
- Knowledge of server (Linux, Windows) and client (Windows, OS X, Linux) operating systems
- Knowledge of attack surfaces for enterprise systems and services
Publicly released tools or modules