Software Engineering
Director of Product Security
Menlo Park, CA
Facebook was built to help people connect and share, and over the last decade our tools have played a critical part in changing how people around the world communicate with one another. With over a billion people using the service and more than fifty offices around the globe, a career at Facebook offers countless ways to make an impact in a fast growing organization.
We are looking for a strong software engineering director to lead the product security team, responsible for ensuring the security posture of Facebook’s products. Security is at the core of Facebook's design and development process: it is built into the DNA of our products. You're an expert who shares our seriousness about security and our commitment to confidentiality for the 1B+ active users that depend on us. You'll manage the application security team responsible for identifying and securing design or implementation weaknesses across the numerous products that make up Facebook.
The successful candidate will be able to task, time and project manage the assignments they are given, be able to communicate effectively in one-on-one and group settings, be able to explain complex security requirements to non-security individuals. You must be a self-starter with excellent communication and documentation skills, require minimal supervision and work well in collaborative, resource-constrained environments. You must be able to partner with software engineering teams across the company and be a creative problem solver, who can leverage the vast employee expertise held cross functionally. The successful candidate will get to help build a robust security practice and will work in a technically diverse and rapidly expanding organization that cares deeply about security.
The successful candidate will be able to task, time and project manage the assignments they are given, be able to communicate effectively in one-on-one and group settings, be able to explain complex security requirements to non-security individuals. You must be a self-starter with excellent communication and documentation skills, require minimal supervision and work well in collaborative, resource-constrained environments. You must be able to partner with software engineering teams across the company and be a creative problem solver, who can leverage the vast employee expertise held cross functionally. The successful candidate will get to help build a robust security practice and will work in a technically diverse and rapidly expanding organization that cares deeply about security.
Responsibilities
- The Director of the product security program will be responsible to:
- -Build, staff and manage a world-class application security team. Motivate the team and partner teams through outstanding leadership and deep knowledge of the application security domain.
- -Have passion for real security and be able to positively spread this enthusiasm to partner teams. Check-the-box and compliance driven candidates are not a fit at Facebook.
- -Partner with product designers, engineers and executive functions to ensure Facebook’s new products and features are built securely.
- -Build a drive a cohesive and defensible product security strategy that inspires the team and is easy to understand and communicate to the company.
- -Articulate security requirements clearly and factually. Be able to demonstrate the importance of a requirement via real world examples or data while avoiding theoretical or hypothetical arguments.
- -Promote and expand our Whitehat bug bounty program to partner with the top security researchers and pentesters globally in finding and fixing security bugs.
- -Operationalize and build efficiencies into our security bug triage and handling flows to ensure rapid effective fixes, clear communication and straight forward assessment of impact.
- -Support the incident response and architecture review processes with application security expertise, a deep understanding of Facebook products and a balanced opinion of security vs. functionality tradeoffs.
- -Oversee employees and vendors during penetration testing, architecture consulting and security reviews engagements.
- -Support 3rd party software and developer reviews to ensure acquired software meets Facebook security standards.
- -Produce meaningful metrics to demonstrate the current state of the product security program
Requirements
- 8+ years of relevant work experience, including hands-on technical management and coding skills, and proven ability to contribute at both strategic and operational levels
- Demonstrated ability to recruit and manage technical teams, including performance management
- Must be able to effectively develop and communicate information security strategies and architectures (e.g. solution architecture specifications, long range security strategies). Must be able to translate highly technical concepts into language this is meaningful to many audiences, including software engineers, business and technical leaders and external security community members and press.
- Must be able to explain all vulnerability classes and design weaknesses in the OWASP Top 10, WASC TCv2 and CWE 25 to any audience along with effective defensive techniques.
- BA/BS in Computer Science (In lieu of degree, equivalent work experience)
Ansøg nu
Please limit to 3 applications.
Andre stillinger i Security
- Product Security Engineer(Menlo Park)
- Safety and Security Software Engineer(Washington)