Meta's security team is the central engine driving data and systems security at the company, supporting Meta and all of its family of apps. The org is responsible for inhibiting malicious actors from compromising our environment, detecting and responding to them before they do damage if they do, ensuring we are maintaining the protections we say we will, and engaging with the community to help those outside the company learn from the work we do.
The Role
We work across all parts of the company, from the corporate infrastructure to production to external services, interfacing with nearly every team in the company. The Security Engineer Intern will be responsible for identifying and enforcing solutions to control access to internal systems.
An ideal candidate is someone that has technical knowledge of the broad aspects of information security, and is able to identify deficiencies in the access management space. This role suits someone with an interest or understanding of the IAM concepts that can be applied to our internal IAM solutions. The position requires a basic understanding of security principles, complemented by technical, coding and communication skills coupled with a strong desire to learn.
Security Engineer Intern, Identity and Access Management (IAM) Responsibilities
- Design and implement systems that enhance the security of Meta’s Identity & Access Management Systems
- Develop scripts using a range of programming languages, including but not limited to Python/C++ and PHP/Hack
- Write performance-optimized queries for large data sets
- Conduct design and code reviews
- Identify and drive changes as needed for assigned codebase, product area and/or systems
- Collaborate and coordinate project efforts with cross-functional teams to ensure seamless execution
- Articulate security findings to internal to a variety of stakeholders, including both technical and non-technical stakeholders
- Research and provide recommendations on technical, physical, and administrative controls based on the security findings
- Participate in the development and oversight of corrective actions relating to security issues
- Participate in cross-functional, team, and status review meetings
Minimum Qualifications
- Currently enrolled in a full-time, degree-seeking program and in the process of obtaining a Bachelors or Masters degree in computer science, cybersecurity or a related field
- Software development experience
- Interest in assessing security deficiencies in first-party/internal information systems and recommending mitigating controls
- Interest in evaluating systems architectural designs, data-flow diagrams and technical security implementations, particularly in context of access management in different geographical locations
- Interest in developing security reporting and recommendations that are meaningful, defensible and actionable
- Ability to manage competing priorities and simultaneous projects in a fast paced environment
- Strong communication skills: both written and verbal, interpersonal skills, and ability to work cross-functionally with various teams
- Must obtain work authorization in the country of employment at the time of hire and maintain ongoing work authorization during employment.
Preferred Qualifications
- Contributions to the security community (public research, blogging, presentations, etc)
- Participation in bug bounty programs, capture the flag competitions, cybersecurity hackathons or similar
- Program and project management skills
- Knowledge or understanding of compliance, SOX, SOC2, NIST, PCI, ISO, and other security regulations
- Strong analytical and problem-solving skills, including a basic understanding of data analysis techniques
- Intent to return to full-time degree program after completion of the internship