Meta
Offensive Security Engineer, Red Team Operations Group
Meta, Washington, District of Columbia, us, 20022
Overview
Meta's Security team is looking for an Offensive Security Engineer that can deliver technical expertise for our Red Team Operations Group (RTOG) and execute tactical, offensive assessments across our environments. RTOG is responsible for running full-scope and objective-based Red Team operations across all of Meta's platforms, technologies, and infrastructure, often requiring creative and bespoke offensive security. By exploring the "unknown unknowns", RTOG provides the security organization a means of risk-based prioritization, improving the company's defensive posture as a result. This role requires a desire to help drive fixes with partners from the greater security organization after engagement execution, both as short-term mitigations and long-term improvements. Responsibilities
Design, scope, and execute Red Team operations targeting both traditional and bespoke environments across Meta, evading preventions, detections, and response Incorporate Threat Intelligence research to track APT trends and recreate their Tactics, Techniques, and Procedures for operations and other offensive security testing Perform research to identify new ways of achieving your mission, and then develop and test them for use on an operation Work with Incident Response, Product Security, and other security partners to align remediation efforts that best protect the company Minimum Qualifications
5+ years of experience running offensive security assessments, 2+ years of full-scope Red Team operations Experience in owning, scoping, developing, and executing phases of Red Team Operations Demonstrated ability in Red Team Operations to make tradeoffs in ambiguous situations by understanding the end-goal and propose concrete paths forward Experience with both outside-in and assumed breach operations Experience in tailored reconnaissance, weaponization, exploitation and lateral movement Knowledge and understanding of attack surfaces for enterprise systems and services Experience adapting open source and COTS offensive tooling to evade EDR/AV or otherwise adjust to a target environment Experience developing reports and deliverables that provide stakeholders with meaningful information to address security issues, and when necessary translating technical concepts into language that is understood by broad technical and non-technical audiences Knowledge of server (Linux, Windows) and client (Windows, macOS, Linux) operating systems Demonstrated understanding of how offensive security is used to improve security Experience in at least one of the following programming languages: Golang, Python, PHP, Hack, C, C++, Rust, Lua, Swift, or Java Preferred Qualifications
5+ years of experience executing Red Team operations Experience in leading and owning Red Team Operations end-to-end, and tasking other Red Team operators Experience developing custom tools existing tools to support offensive security teams An understanding of the ideas behind “designing for response” and how to make the most of Red Team Operations’ components in the greater scheme of security organization needs Knowledge of operational security across all phases of a Red Team operation, from infrastructure acquisition to noise level for specific TTPs, and how to de-risk them Experience with Red Team operations in non-traditional environments Experience setting up automated virtualized and test environments emulating the target environments Experience working closely with defenders to identify and fix problems About Meta
Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology. People who choose to build their careers by building with us at Meta help shape a future that will take us beyond what digital connection makes possible today—beyond the constraints of screens, the limits of distance, and even the rules of physics. Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com. Compensation
$147,000/year to $208,000/year + bonus + equity + benefits Individual compensation is determined by skills, qualifications, experience, and location. Compensation details listed in this posting reflect the base salary only and do not include bonus, equity or sales incentives, if applicable. Meta offers benefits. Learn more about benefits at Meta. Job Details
Seniority level: Not Applicable Employment type: Full-time Job function: Information Technology Industries: Technology, Information and Internet
#J-18808-Ljbffr
Meta's Security team is looking for an Offensive Security Engineer that can deliver technical expertise for our Red Team Operations Group (RTOG) and execute tactical, offensive assessments across our environments. RTOG is responsible for running full-scope and objective-based Red Team operations across all of Meta's platforms, technologies, and infrastructure, often requiring creative and bespoke offensive security. By exploring the "unknown unknowns", RTOG provides the security organization a means of risk-based prioritization, improving the company's defensive posture as a result. This role requires a desire to help drive fixes with partners from the greater security organization after engagement execution, both as short-term mitigations and long-term improvements. Responsibilities
Design, scope, and execute Red Team operations targeting both traditional and bespoke environments across Meta, evading preventions, detections, and response Incorporate Threat Intelligence research to track APT trends and recreate their Tactics, Techniques, and Procedures for operations and other offensive security testing Perform research to identify new ways of achieving your mission, and then develop and test them for use on an operation Work with Incident Response, Product Security, and other security partners to align remediation efforts that best protect the company Minimum Qualifications
5+ years of experience running offensive security assessments, 2+ years of full-scope Red Team operations Experience in owning, scoping, developing, and executing phases of Red Team Operations Demonstrated ability in Red Team Operations to make tradeoffs in ambiguous situations by understanding the end-goal and propose concrete paths forward Experience with both outside-in and assumed breach operations Experience in tailored reconnaissance, weaponization, exploitation and lateral movement Knowledge and understanding of attack surfaces for enterprise systems and services Experience adapting open source and COTS offensive tooling to evade EDR/AV or otherwise adjust to a target environment Experience developing reports and deliverables that provide stakeholders with meaningful information to address security issues, and when necessary translating technical concepts into language that is understood by broad technical and non-technical audiences Knowledge of server (Linux, Windows) and client (Windows, macOS, Linux) operating systems Demonstrated understanding of how offensive security is used to improve security Experience in at least one of the following programming languages: Golang, Python, PHP, Hack, C, C++, Rust, Lua, Swift, or Java Preferred Qualifications
5+ years of experience executing Red Team operations Experience in leading and owning Red Team Operations end-to-end, and tasking other Red Team operators Experience developing custom tools existing tools to support offensive security teams An understanding of the ideas behind “designing for response” and how to make the most of Red Team Operations’ components in the greater scheme of security organization needs Knowledge of operational security across all phases of a Red Team operation, from infrastructure acquisition to noise level for specific TTPs, and how to de-risk them Experience with Red Team operations in non-traditional environments Experience setting up automated virtualized and test environments emulating the target environments Experience working closely with defenders to identify and fix problems About Meta
Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology. People who choose to build their careers by building with us at Meta help shape a future that will take us beyond what digital connection makes possible today—beyond the constraints of screens, the limits of distance, and even the rules of physics. Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. Meta participates in the E-Verify program in certain locations, as required by law. Please note that Meta may leverage artificial intelligence and machine learning technologies in connection with applications for employment. Meta is committed to providing reasonable accommodations for candidates with disabilities in our recruiting process. If you need any assistance or accommodations due to a disability, please let us know at accommodations-ext@fb.com. Compensation
$147,000/year to $208,000/year + bonus + equity + benefits Individual compensation is determined by skills, qualifications, experience, and location. Compensation details listed in this posting reflect the base salary only and do not include bonus, equity or sales incentives, if applicable. Meta offers benefits. Learn more about benefits at Meta. Job Details
Seniority level: Not Applicable Employment type: Full-time Job function: Information Technology Industries: Technology, Information and Internet
#J-18808-Ljbffr