Application Security Engineer, Enterprise Engineering

Facebook's mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we're building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we're creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities - we're just getting started. For every Facebook product a person uses, there are dozens of internal tools, frameworks, and automation that enable us to deliver it. We are building a team of security engineers to focus specifically on these internal services. These engineers will be security leaders within the broader Facebook engineering teams, gaining a solid understanding of the tools they support, and ensuring that security is built-in. You will work with one of the best security teams in the world, helping to protect the data people entrust to us. This is a technical position, requiring both deep and broad technical knowledge across a range of security disciplines. The ideal candidate will be adept at communicating across the organization, presenting arguments based on data, and driving security improvements via influence. <ul><li>Design and drive security improvements across multiple internal tools, frameworks, and applications.</li><li>Build lasting relationships with product and engineering leaders.</li><li>Drive security risk decisions, and influence technical architecture.</li><li>Act as the primary liaison between the engineering teams and the Facebook security team.</li><li>Develop and maintain deep industry expertise, as well as expertise on Facebook’s security offerings.</li><li>Conduct security reviews for internal services, identify risks and propose remediations.</li></ul> <ul><li>7 or more years of experience with information security.</li><li>Technical experience across security disciplines - web application, mobile, infrastructure, hardware, etc.</li><li>Experience with an interpreted or compiled programming language.</li><li>Experience in communicating security risks and plans to address them to senior leadership.</li><li>Experience building relationships with key stakeholders and business leaders.</li></ul> <ul><li>Application assessment experience for full-stack web-based and mobile applications.</li><li>Experience securing applications similar to Facebook's scale.</li><li>Experience with threat modeling techniques, such as STRIDE.</li></ul> Facebook is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.Facebook is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com.