What is Required to Work as a Cybersecurity Engineer in Facebook?

 

Dream of working at Facebook, Google, Microsoft, Linkedin, or any of the fortune 500 companies? 

 

This was the topic of our third webinar series “What is required to work in cyber security jobs?” named “What is required to work as a cybersecurity engineer in Facebook?”. 

 

This week, we hosted Ibrahim Mosaad, Product Security Engineer at Facebook. Mosaad discussed with CyberTalents what skills you should have and what type of talents these companies are searching for.

What are the Required Skills?

Those types of companies need to hire the best of the best in every position. Nearly, every employee or engineer in Facebook serves 1 million users. That's why you need to have a wide skill set in many cyber security topics and in-depth skills in one of the topics”. Said Mosaad, Product Security Engineer at Facebook.

 

As a product security engineer, I work on assessing the security issues of Facebook products, provide guidance, recommendations and fixes products on different channels” Mosaad added. Some of the fields that Mosaad works on are:

Web Security

This covers websites like Facebook and Instagram and also, the backend of mobile apps.

Mobile Security 

This covers Facebook, Instagram, FB messenger, WhatsApp mobile applications, and others.

Native Security

This covers stuff that is written by C and C++, especially for performance issues or any other reasons.

Coding Skills and Security Mindset

This kind of skill is needed while you are working in any domain.

 

Mosaad mentioned that you don’t need to master all of the above skills to have a cyber security job in Facebook. As for the first 3 skills, you need to master, at least, one of them, and have strong knowledge of the other two.

 

Moving on to coding skills, you are not a developer, however, you need to be able to represent your ideas in code or even automate some work.

How do CTFs help you?

Capture the flag competitions are a way, not a goal. You should balance your time between CTFs, coding, and problem-solving. Give 33% of your time to coding and problem solving while the rest to solving CTFs.

What are the Different Cybersecurity Jobs at Facebook?

Facebook has many cybersecurity jobs like product security, threat detection, malware analysis, and many others. I suggest all talents check their Facebook Careers page.

Facebook Hiring Process

The Facebook interviewing process is a multistage process which is summarized below:

1. Send your CV through the Facebook Career page

This is the first filter where the interviewers need to decide if you deserve to move to the next step or not.

2. Phone Interview

This is around 30 minutes call discussing mainly the points mentioned in your CV.

3. On-Site interviews 

This will be a series of interviews, an average of four interviews that cover different aspects both technically and/or problem-solving skills and others.

 

The interviewer needs to see your contributions to the cyber security community. That's very important. Did you participate in CTFs? Do you make writeups for CTF challenges? Do you speak in cyber security conferences regularly, did you work in any cyber security research before.” Said Mosaad

Learning Resources

1- Books:

Web Security

  • The Tangled Web
  • Web hacking 101
  • The Web application hacker’s handbook
  • The Browser Hacker’s Handbook
  • SQL injection Attack and Defense
  • XSS Exploits Cross-Site Scripting Attacks and Defense.

Mobile Security

  • Android Hacker’s Handbook
  • iOS Hacker’s Handbook
  • Android Security Internals
  • iOS Application Security
  • The Mobile Application Hacker’s handbook
  • Hacking and Security iOS Applications

Native Security

  • Secure coding in C and C++
  • Effective Modern C++
  • Hacking: The Art of Exploitation
  • The CERT; C Coding Standard
  • The Art of Software Security Assessment

2- Conferences

Conferences are one of the best sources of knowledge. You don’t have to attend all events but for sure, you need to listen to most of the sessions. All conferences release their video talks a few months after the end of them.

 

Some of the conferences that you must see their talks are Defcon, Blackhat, Enigma Conference organized by google, CanSecWest, Cairo Security Camp, and AppSec USA and Europe.

3- Security Competitions/Exercises

Participating in Capture The Flag competitions is very important. It will help all talents to sharpen their skills in cybersecurity. Below are some of the best CTFs that you can join:

 

Also, there are some platforms that you can use for practice like: 

 

 

Read more articles related to cybersecurity jobs: 

What is Required to Work in Malware Analysts Jobs? 

What is Required to Work in Web Penetration Testing Jobs? 

What is Required to Work in Threat Intelligence Jobs? 

What is Required to Work in Automotive Cybersecurity Jobs?

What is Required to Work in SOC Analysis Jobs? 

What is Required to Work as a CISO?

Share