Job Description

Meta's Red Team X is looking for an Offensive Security engineer that can deliver technical expertise for our offensive security team and execute tactical, offensive assessments across our environments. This individual should have knowledge across the attack lifecycle and a demonstrated capacity to understand, design and execute a security assessment against various technologies and stacks. Candidates are expected to scope, prepare and deliver technology-oriented assessments that positively benefit the overall security posture of the organization. This role requires a desire to help drive fixes after testing cycles, both as short term mitigations and long term improvements.-L'equipe Red Team X de Meta recherche un ingenieur en securite offensive capable de fournir une expertise technique a notre equipe de securite offensive et d'executer des evaluations tactiques et offensives dans nos environnements. Cette personne doit avoir des connaissances sur l'ensemble du cycle de vie des attaques et une capacite demontree a comprendre, concevoir et executer une evaluation de securite par rapport a diverses technologies et stacks technologiques. Le ou la titulaire de ce poste est responsable de la determination de la portee, de la preparation et de la realisation d'evaluations a caractere technologique qui ont une incidence positive sur la securite generale de l'organisation. Ce poste requiert un desir de contribuer a la mise en place de correctifs apres les cycles de test, a la fois comme des mesures d'attenuation a court terme et des ameliorations a long terme.





###

Offensive Security Engineer Red Team X | Ingenieur en securite offensive Red Team X Responsibilities:

Conduct security assessments focused on both the unique systems and technologies used at Meta, as well as approved 3rd party software and vendors | Effectuer des evaluations de securite axees a la fois sur les systemes et technologies uniques utilises chez Meta, ainsi que sur les logiciels et fournisseurs tiers approuves Help in the building of tooling to automate portions of assessments, scoping or other offensive security work, and use this model to inform and drive our assessments, as well as assist other teams with Meta's security efforts | Aider a la creation d'outils pour automatiser certaines parties des evaluations, de la definition de la portee ou d'autres travaux de securite offensifs, et utiliser ce modele pour informer et piloter nos evaluations, ainsi que pour aider d'autres equipes dans les efforts de securite de Meta Design, scope, and lead complex technical assessments on internal and external facing systems | Concevoir, definir et diriger des evaluations techniques complexes sur des systemes internes et externes Perform research to identify new ways of achieving your mission | Effectuer des recherches pour definir de nouveaux moyens de realiser votre mission. Work with vulnerability management, production security and other security programs to align remediation efforts and best protect the company from known threats | Travailler avec la gestion des vulnerabilites, la securite de la production et d'autres programmes de securite pour coordonner les efforts de remediation et proteger au mieux l'entreprise contre les menaces connues.






###

Minimum Qualifications:

Experience performing internal and external assessments | Experience dans la realisation d'evaluations internes et externes Knowledge of Red Teaming, Penetration Testing, and/or Cyber Threat Hunting | Connaissance du Red Teaming, des tests de penetration et/ou de la chasse aux cybermenaces Knowledge of networking fundamentals (TCP/UDP protocols, SSL/TLS, SSH, etc.) | Connaissance des fondamentaux des reseaux (protocoles TCP/UDP, SSL/TLS, SSH, etc.) Knowledge of server (Linux, Windows) and client (Windows, OS X, Linux) operating systems | Connaissance des systemes d'exploitation serveur (Linux, Windows) et client (Windows, OS X, Linux) Knowledge and understanding of attack surfaces for enterprise systems and services | Connaissance et comprehension des surfaces d'attaque pour les systemes et services d'entreprise Experience in at least one of the following programming languages: Golang, Python, PHP, Hack, C, C++, or Java | Experience dans au moins un des langages de programmation suivants : Golang, Python, PHP, Hack, C, C++ ou Java Experience working in cross-functional programs | Experience de travail dans des programmes interfonctionnels Bachelor's degree (or foreign degree equivalent) in Information Systems Engineering, Computer Science, Engineering, Information Security, Cyber Security, Information Assurance, or equivalent experience | Licence (ou diplome etranger equivalent) en ingenierie des systemes d'information, informatique, ingenierie, securite de l'information, cybersecurite, assurance de l'information ou experience equivalente 5+ years of experience in Red Team Security Testing, Penetration Testing, and/or Cyber Threat Hunting | Plus de 5 ans d'experience en tests de securite Red Team, tests de penetration et/ou chasse aux cybermenaces Demonstrated coding/scripting skills in one or more general purpose languages | A demontre des competences en codage/scripting dans un ou plusieurs langages a usage general






###

Preferred Qualifications:

Experience performing and leading whitebox and blackbox style assessments | Experience de la realisation et de la direction d'evaluations de type boite blanche (WhiteBox) et boite noire (BlackBox) Experience with complex, multi-stage, multi-person pentests for new internal customers or external vendors | Experience dans la realisation de tests d'intrusion complexes, en plusieurs etapes et pour plusieurs personnes, pour de nouveaux clients internes ou des fournisseurs externes Knowledge of cloud computing platforms (e.g., AWS, Google Cloud Platform, Azure) and operating systems (Linux, Windows, macOS) | Connaissance des plateformes de cloud computing (par exemple, AWS, Google Cloud Platform, Azure) et des systemes d'exploitation (Linux, Windows, macOS) Contributions to the security community (public research, blogging, presentations, bug bounty, tooling, etc) | Contributions a la communaute de securite (recherche publique, blogs, presentations, bug bounty, outils, etc.) Understanding of attack surfaces for enterprise systems and services | Comprehension des surfaces d'attaque pour les systemes et services d'entreprise Offensive Security Certified Professional(OSCP) certification, or equivalent | Certification Offensive Security Certified Professional (OSCP) ou equivalent Track record of participation in Capture The Flag competitions | Historique de participation aux concours Capture The Flag






###

About Meta:

Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology. People who choose to build their careers by building with us at Meta help shape a future that will take us beyond what digital connection makes possible today--beyond the constraints of screens, the limits of distance, and even the rules of physics.









CA$133,000/year to CA$176,000/year + bonus + equity + benefits



Individual compensation is determined by skills, qualifications, experience, and location. Compensation details listed in this posting reflect the base hourly rate, monthly rate, or annual salary only, and do not include bonus, equity or sales incentives, if applicable. In addition to base compensation, Meta offers benefits. Learn more about benefits at Meta.