Mudita K., a security engineer, has a knack for finding things.
“Something we say on the security engineering team all the time is ‘shift left,’” she says. “That means we need to find things earlier rather than later.”
A few years ago, Mudita found herself at a crossroads at the beginning of her career, trying to figure out what to do after college. “I’d completed my bachelor's in computer science. And I thought, it’s such a big world out there. I can do so much, but I don't know what I want to do."
While Mudita considered grad school, she ultimately decided joining the workforce was the right move for her. She started consulting, which introduced her to the world of security. Then a friend told her about an opening on the security team at Meta. “Still,” she says, “somewhere inside me, I thought, ‘I'm not going to get into Meta. I'm not Meta material. The bar was so high, with so many people applying for the same job. They won't hire me.’”
She smiles. “But at the same time, it sounded so cool! So I thought, okay, I'm going to apply."
There’s a common misconception that privacy teams
and security teams
are interchangeable. Mudita is quick to clear that up: “Security doesn’t build software for, let’s say, Instagram or WhatsApp. What we are responsible for is making sure all the software within our products — including Instagram, WhatsApp, Meta Quest devices, etc. — is secure.”
Said another way, security engineering teams focus on looking for potential or known issues within Meta’s systems and software. Privacy is about keeping information safe, helping people understand how their data is used and giving them control over it, and clarifying what people can and can’t share.
That doesn't mean partnerships between security and privacy don't occur. In Mudita’s work, these kinds of cross-functional collaborations happen frequently. “We do work with privacy teams a lot, because in our analysis of products, we may realize that something could pose a potential privacy risk,” Mudita explains. “If a security issue exists, it can potentially compromise our users' privacy, too. And that's when we loop in the privacy team to ensure we develop solutions early that will protect people’s privacy and security simultaneously."
Mudita recalls a time when she felt deeply satisfied with her work on the team. “I did a security review and found some bugs,” she explains. “A couple of weeks after that, I had an opportunity to scale my solution — I created a tool to detect these types of bugs automatically. It saved a lot of time for future security engineers like myself.”
Mudita also started a private bug bounty program. “We open new products to some of our researchers before they go live,” she continues. “Under this program, researchers can find bugs before the product goes live, and before end users or bad actors find them. It’s successful, and still going three years later.”
Mudita sees herself staying at Meta as her career grows. One of the reasons why she feels this way is the opportunity to constantly learn. “In my four years at Meta, learning has never stopped,” Mudita says. “There’s always an opportunity to keep building cool things, to keep doing new things, to keep learning.”