Application Security Engineer - Enterprise Engineering

$143,000 - $208,000/Yr

Meta - Trenton, NJ

posted about 2 months ago

Full-time - Mid Level
Trenton, NJ
Web Search Portals, Libraries, Archives, and Other Information Services

About the position

Meta's Enterprise Application Security team is seeking a passionate security engineer with a hacker mindset who derives purpose in life by identifying weaknesses and crafting creative solutions to eliminate those weaknesses at scale. We don't just identify and help fix security vulnerabilities - we go beyond by preventing security problems before they exist. You will be expected to operate at an expert technical level with developers and engineers across large organizations. You will be relied upon to provide application and infrastructure teams with security expertise necessary to build the secure enterprise that underpins Meta. As an Application Security Engineer, you will conceive, design, develop, and improve industry-leading security tooling, automation, and frameworks that enable enterprise teams at scale to deliver applications and services with appropriate security controls to meet evolving requirements for security and privacy. Your role will involve identifying and eliminating classes of security problems by shifting detection and prevention left into the development workflow. You will provide just-in-time, actionable, technical security guidance to enterprise application and service teams through code reviews, penetration tests, adversarial testing, threat modeling, architecture design reviews, and other security activities. Additionally, you will identify and prioritize areas of improvement for security maturity across the enterprise, ensuring prioritization, resourcing, and timely delivery of work within a changing business environment. Collaboration with cross-functional teams will be essential to ensure that security work is being prioritized and addressed effectively.

Responsibilities

  • Conceive, design, develop and improve industry-leading security tooling, automation and/or frameworks that enable enterprise teams at scale to deliver applications and services with appropriate security controls to meet evolving requirements for security and privacy
  • Identify and eliminate classes of security problems by shifting detection and prevention left into the development workflow
  • Provide just-in-time, actionable, technical security guidance to enterprise application and service teams through code reviews, penetration tests, adversarial testing, threat modeling, architecture design reviews, and other security activities
  • Identify and prioritize areas of improvement for security maturity across the enterprise
  • Ensure prioritization, resourcing, and timely delivery of work within a changing business environment
  • Collaborate with cross-functional teams to ensure security work is being prioritized and addressed

Requirements

  • 4+ years work experience writing production-level code in Python, PHP, Java, Ruby, Go, Rust, C/C++, or similar language
  • 4+ years of work experience identifying and mitigating security issues in software (Python, PHP, Java, Ruby, Go, Rust, C/C++ or similar language) and knowledge of best practice secure code development
  • Experience in designing, analyzing and conducting threat model assessments of enterprise software and services
  • Experience fixing enterprise security problems across broad corporate boundaries using influence and relationships
  • Experience owning a particular component, feature or system
  • Proven communication skills and high attention to detail

Nice-to-haves

  • B.S. or M.S. in Computer Science, Engineering, or related technical discipline, or equivalent experience
  • Experience in penetration testing or red team operations
  • Experience automating application security controls in large-scale enterprise environments
  • Experience writing software that enables or evaluates security controls in complex systems
  • Experience building and securing enterprise-scale software, services, and infrastructure
  • Broad knowledge of the security domain, which may include security investigations, incident management, digital forensics, offensive security, vulnerability management, application security, and other security disciplines
  • Contributions to the security community (public research, blogging, presentations, bug bounty, etc.)

Benefits

  • Bonus
  • Equity
  • Health Insurance
  • Paid Holidays
  • Professional Development
  • Flexible Scheduling

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service