Application Security Engineer

Meta FinTech is the newest business division of Meta (formerly Facebook Inc.) leading all things related to financial services at Meta, including Facebook Pay, WhatsApp Payments, and the Novi digital wallet. We’re seeking deeply experienced security talent to help enable and safeguard financial services at a truly global scale. The Meta FinTech Security Program is simultaneously responsible for (a) enabling the business to achieve its goals at scale and pace, (b) safeguarding the business against real world security risks, and (c) addressing the regulatory scrutiny the business faces. Our goal is to make Meta the premier place to work for cyber security, information security, and security engineering professionals. We are targeting experienced security talent, with the intent of hiring the best and brightest in security.
We are seeking a passionate Application Security Engineer with deep experience detecting, prioritizing, and driving remediation of vulnerabilities in applications and services. As a member of the Vulnerability Management and Application Security team, you will be responsible for managing and scaling a variety of vulnerability detection capabilities, including bug bounty, static and dynamic analysis, software composition analysis, the world-famous Meta Red Team, and more.
You will look across all of the vulnerability and configuration data we are collecting to find opportunities to design and implement security solutions that prevent entire classes of vulnerabilities. Working with engineering, you will integrate vulnerability management directly into their development workflows and evangelize the importance of security in our products.
Application Security Engineer Responsibilities
  • Enhance the coverage and capability of our suite of application layer vulnerability detection services across the Novi application stack
  • Review and improve static and dynamic analysis findings to ensure their accuracy and relevance
  • Perform impact assessments, develop prioritized remediation plans, and drive remediation campaigns for the newest, nastiest application vulnerabilities
  • Take a leadership role in driving strategic solutions to recurring vulnerabilities
  • Provide actionable security guidance to our engineering teams
  • Integrate security technologies and processes directly into our pipelines
  • Proactively research and monitor security-related information sources to aid in vulnerability discovery
Minimum Qualifications
  • B.S. or M.S. in Computer Science or related field, or equivalent experience
  • Experience with one or more programming languages (Rust, Python, C++, Go, PHP, etc.)
  • Breadth of technical experience in application security in large production environments
  • Proven technical understanding of, and expertise in, CVSS, OWASP Top 10 and other vulnerability exploitability ratings
  • Proven communication skills to communicate the strategy and vision of the program effectively to stakeholders such as the engineering teams, leadership, security teams, etc.
Preferred Qualifications
  • Background and experience in vulnerability management and threat assessment
  • Experience with threat modeling, including common frameworks such as STRIDE
  • Experience running large scale vulnerability mitigation and hardening initiatives
  • Experience in a financial services organization
  • Contributions to the security community (public research, open source, blogging, presentations, bug bounty, etc.)
About Meta
Meta builds technologies that help people connect, find communities, and grow businesses. When Facebook launched in 2004, it changed the way people connect. Apps like Messenger, Instagram and WhatsApp further empowered billions around the world. Now, Meta is moving beyond 2D screens toward immersive experiences like augmented and virtual reality to help build the next evolution in social technology. People who choose to build their careers by building with us at Meta help shape a future that will take us beyond what digital connection makes possible today—beyond the constraints of screens, the limits of distance, and even the rules of physics.
Meta is committed to providing reasonable support (called accommodations) in our recruiting processes for candidates with disabilities, long term conditions, mental health conditions or sincerely held religious beliefs, or who are neurodivergent or require pregnancy-related support. If you need support, please reach out to accommodations-ext@fb.com.
(Colorado only*) Estimated salary of $177,000/year + bonus + equity + benefits
*Note: Disclosure as required by sb19-085(8-5-20)
Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. You may view our Equal Employment Opportunity notice here. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. We may use your information to maintain the safety and security of Meta, its employees, and others as required or permitted by law. You may view Meta's Pay Transparency Policy, Equal Employment Opportunity is the Law notice, and Notice to Applicants for Employment and Employees by clicking on their corresponding links. Additionally, Meta participates in the E-Verify program in certain locations, as required by law.

Meta is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at accommodations-ext@fb.com.