Offensive Security Pentest Engineer

Facebook’s Security team is looking for an Offensive Security Pentest Engineer who can deliver technical expertise for our offensive security Penetration Testing team and execute tactical, offensive assessments across our environments. This individual should have extensive experience across the attack lifecycle and a demonstrated capacity to lead, design, and execute a penetration test against various technologies and stacks. Candidates are expected to scope, prepare and deliver technology-oriented assessments that positively benefit the overall security posture of the organization. This role requires a desire to help drive fixes after testing cycles, both as short-term mitigations and long-term improvements.
Offensive Security Pentest Engineer Responsibilities
  • Conduct penetration tests focused on both the unique systems and technologies used at Facebook, as well as approved third party software and vendors
  • Help build tooling to automate portions of pentests, scoping or other offensive security work, and use this model to inform and drive our assessments, as well as assist other teams with Facebook security efforts
  • Design, scope, and lead deep technical assessments on internal and external facing systems
  • Perform research to identify new ways of achieving your mission
  • Work with vulnerability management, production security and other security programs to align remediation efforts and best protect the company from known threats
Minimum Qualifications
  • Experience performing internal and external assessments
  • Experience in leading a team during penetration tests
  • Knowledge of server (Linux, Windows) and client (Windows, OS X, Linux) operating systems
  • Knowledge and understanding of attack surfaces for enterprise systems and services
  • Experience in at least one of PHP/Hack, Python, C/C++, Go or Java
  • Experience working in cross-functional programs
  • Experience translating technical concepts into language that is understood by audiences including software engineers, business and technical leaders
  • 5+ years of experience practicing application security assessments and penetration tests
Preferred Qualifications
  • Experience performing and leading whitebox and blackbox style assessments
  • Experience with complex, multi-stage, multi-person pentests for new internal customers or external vendors
  • Networking knowledge, including network virtualization technologies and ideally IPv6
About the Facebook company
Facebook’s mission is to give people the power to build community and bring the world closer together. Through our family of apps and services, we’re building a different kind of company that connects billions of people around the world, gives them ways to share what matters most to them, and helps bring people closer together. Whether we’re creating new products or helping a small business expand its reach, people at Facebook are builders at heart. Our global teams are constantly iterating, solving problems, and working together to empower people around the world to build community and connect in meaningful ways. Together, we can help people build stronger communities — we’re just getting started.
Facebook is committed to providing reasonable support (called accommodations) in our recruiting processes for candidates with disabilities, long term conditions, mental health conditions or who are neurodivergent, and to candidates with sincerely held religious beliefs or requiring pregnancy related support. If you need support, please reach out to
(Colorado only*) Minimum salary of $151,000/year + bonus + equity + benefits
*Note: Disclosure as required by sb19-085(8-5-20)
