Apr 24 2023
Safety at scale: Bug bounty, integrity and privacy at Meta
By Meta Careers
Share icon
Facebook share icon
Facebook share dark icon
Whatsapp share icon
Whatsapp share icon
Twitter share icon
Twitter share dark icon
Close icon

“Privacy is not just a box to be checked — not on this team,” says Joe E., privacy engineering manager. “Protecting people and their safety underpins all the work we do at Meta. It’s threaded through how we approach innovation, develop products and build teams around the world.” Joe is part of the global privacy program, one of three teams — alongside the integrity team and security team — tackling a wide range of privacy, integrity and security challenges across Meta technologies.

“I think people would be surprised by the number of teams that work within integrity alone,” shares Bhavin K., a threat intelligence analyst on the integrity team. “Our projects are diverse and multi-faceted, which means the types of backgrounds, roles and opportunities on the team are, too.” Neta O., a whitehat analyst manager on the product security team, agrees that scale and impact serve as powerful motivators. “Our program is always expanding — from our tooling to where we operate globally — because we cover all Meta technologies.”

The unprecedented scope of the privacy, integrity and security programs at Meta makes it possible for teams to innovate and redefine what it means for people to feel safe using online platforms. Neta, Bhavin and Joe share how they embrace this people-first approach in their efforts around privacy, bug bounty work, integrity and security at Meta.

Behind the scenes of bug bounty

After a career in intelligence and security at various companies, Neta joined Meta in 2020. She shares “I wanted to join Meta because I’ve used the apps and technologies for more than 14 years. When I moved from Israel to Singapore, it helped me stay connected to friends and family.

"I felt certain I could make an impact by helping protect the data of the billions of people using Meta technologies."

Neta joined Meta to lead a fraud investigations team in business integrity, where she worked closely with the product security team to investigate vulnerabilities that may lead to fraud. “This collaboration led us to launch an integrity safeguards expansion for our bug bounty program at Meta, which enables people to report vulnerabilities that allow bypassing integrity measures on Meta’s products — a first for the organization and the industry.” This collaboration made Neta want to move internally and join the bug bounty team. After moving to the surface scaling and assurance team, Neta now supports the broader bug bounty program team, which enables external researchers to find vulnerabilities in Meta technologies, report them responsibly and get paid. “When a researcher discovers a vulnerability, my team triages the issue, assesses the impact, reports it to product teams, supports mitigation and pays the researcher,” she explains. “We manage the overall program, which includes documentation, vulnerability forms, getting feedback from researchers, events and live hackathons.”

According to Neta, the bug bounty program at Meta is unique, as it rewards people based on the maximum potential impact rather than the impact reported by the external security researcher. “Meta’s program is leading the industry by introducing new scope, such as scraping and integrity safeguards, and there are always exciting, novel problems to solve, which will only continue as the program evolves into the metaverse.”

Neta sits in a green chair surrounded by plants
Neta’s career as a whitehat analyst manager is in full bloom.

Maintaining integrity at unprecedented scale

Bhavin has built his career on protecting vulnerable communities from real-world harm. Before Meta, he worked at a consultancy in London covering security and political risks in South Asia. Today, he draws on that experience to tackle integrity issues from dangerous organizations and mass harassment to violence and incitement on the i3 problem intel and investigations team. “My team works with investigators and security engineers to identify bad actors who pose risk to our users using Meta technologies — from coordinated threats and harassment to attempts to silence people’s voices on the platforms,” he shares.

Bhavin sits in front of artwork by Supermundane at Meta London, Brock Street, commissioned by Meta Open Arts (@metaopenarts).

Cross-functional collaboration is critical for Bhavin and his team to mitigate privacy and security threats at this scale. “We work closely with our team of investigators across the organization to identify issues, and we partner with other teams to design solutions,” he shares. “Sometimes, solutions even lead to a larger product change. If bad actors are exploiting a vulnerability on our platforms across regions, we work with product teams to mitigate against this, whether by fixing the product or creating a new policy.”

"We are incredibly proactive. When our team succeeds, could-be problems don’t see the light of day."

This hands-on approach requires curiosity and a passion for problem-solving. “As analysts, we need to look at problems from every angle. We ask ourselves questions like, ‘How can we creatively tackle a threat?’ and ‘Can we identify a new team within Meta to help this effort?’” Bhavin explains. “Ultimately, our work is all about keeping people safe. This team genuinely cares for people — it's what gets us out of bed every morning.”

Ensuring products are safe and secure

Like Neta and Bhavin, Joe was drawn to Meta by the opportunity to improve privacy and security for people around the world. “The global scale at Meta is truly rare, and we have an unrivaled diversity of products and services that need to be protected,” he says. As a manager on the privacy engineering team, Joe focuses on empowering his team and partners to pursue this mission. “I keep close with my team to make sure they have the support they need, and I work with partners to ensure we’re meeting their top priorities.”

Joe describes his team members as good stewards of data. “We make sure that whenever a data-centric promise is made, Meta can ensure the promise remains true. Our software needs to protect the people using it, as well as their data.” This is a joint effort, as the privacy engineering team works cross-functionally with engineers, privacy program managers and legal partners. “We also work closely with product teams to ensure new products preserve privacy from day one.”

Joe smiles in a backyard full of vegetation
Joe bridges teams, products and partners together in London.

“Being on this team is a career-defining opportunity. We’re building new products with privacy in mind from the very start.”

Joe recently relocated to London from the US to help build a team with talent across Europe and Israel. "We support the privacy needs for all EMEA teams," Joe explains. "There are a lot of exciting challenges for us to solve, and I appreciate how deeply people at Meta care about privacy."

While Neta, Bhavin and Joe span different teams within privacy, security and integrity, they are united by the same goal: protecting people on Meta platforms. Whether it’s mitigating risk, discovering bad actors or designing privacy-first products, the proactive approach at Meta ensures safety is always the top priority.

Artwork in the second photo of the share and header image is by Supermundane at Meta London, Brock Street. Commissioned by Meta Open Arts (@metaopenarts).

Stay connected.

Meta is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics. You may view our Equal Employment Opportunity notice here. We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law. We may use your information to maintain the safety and security of Meta, its employees, and others as required or permitted by law. You may view Meta Pay Transparency Policy, Equal Employment Opportunity is the Law notice, and Notice to Applicants for Employment and Employees by clicking on their corresponding links. Additionally, Meta participates in the E-Verify program in certain locations, as required by law.

Meta is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at accommodations-ext@fb.com.
Let us know you're interested.
Share your resume or LinkedIn profile with our recruiting team and create personalized job alerts.