What is required to work as a security engineer in Facebook & Google?

Dream of working at Facebook, Google, Microsoft, Linkedin, or any of the fortune 500 companies?

That was the topic of our third webinar series “What is required to work in cybersecurity jobs” named What is required to work in cybersecurity jobs at Facebook?. This week we hosted Ibrahim Mosaad, Product Security Engineer at Facebook. Mosaad discussed with CyberTalents what skills you should have and what type of talents those companies are searching for.

What are the required skills?

“Those type of companies need to hire the best of the best in every position. Nearly, every employee or engineer on facebook serves 1 million users.That’s why you need to have wide skills set in many cybersecurity topics and in-depth skills in one of the topics”. Said Mosaad, Product Security Engineer, Facebook

“As a product security engineer, I work on assessing the security issues of Facebook products, provide guidance, recommendations and fixes products on different channels”, Mosaad added. Some of the fields that Mosaad works on are

  1. Web security: this covers websites like www.facebook.com www.instagram.com and also the backend of mobile apps.
  2. Mobile security: This covers Facebook, Instagram, FB messenger, WhatsApp mobile applications and others  
  3. Native security: This covers stuff that is written by C, C++ especially for performance issues or any other reasons
  4. Coding skills and Security mindset: This kind of skills is needed while you are working in any domain

Mosaad mentioned that you don’t need to master all of the above skills to have a cybersecurity job on facebook. As for the first 3 skills, you need to master, at least, one of them and have a strong knowledge of the other two. Moving on to coding skills, you are not a developer however you need to be able to represent your ideas in a code or even automate some work.

How CTFs helped you?

Capture the flag competitions are a way, not a goal. You should balance your time between CTFs, coding and problem-solving. Give 33% of your time to coding and problem solving while the rest for solving CTFs.

What are the different Cyber Security Jobs on Facebook?

Facebook has many cybersecurity jobs like product security, threat detection, malware analysis and many others. I suggest all talents to check their Facebook Careers page.

Facebook Hiring Process:

The facebook interviewing process is a multistage process which is summarized as below:

  • Send your CV to Facebook Career page. This is the first filter where the interviewers need to decide if you deserve to move to next step or not
  • Phone Interview: this is around 30 minutes call discussing mainly the points mentioned in your CV
  • On-Site interviews: This will be a series of interviews, an average of four interviews that cover different aspects both technically and/or problem-solving skills and others

“The interviewer needs to see your contributions to the cybersecurity community. That’s very important. Did you participate in CTFs? Do you make write-ups for CTF challenges? Do you speak in cybersecurity conferences regularly, did you work in any cybersecurity research before.”Said Mosaad

Learning Resources

1- Books :

Web security

  • The Tangled Web
  • Web hacking 101
  • The Web application hacker’s handbook
  • The browser Hacker’s Handbook
  • SQL injection Attack and Defense
  • XSS Exploits Cross Site Scripting Attacks and Defense.

Mobile security

  • Android Hacker’s Handbook
  • iOS Hacker’s Handbook
  • Android Security Internals
  • iOS Application Security
  • The Mobile Application Hacker’s handbook
  • Hacking and Security iOS Applications

Native Security

  • Secure coding in C and C++
  • Effective Modern C++
  • Hacking: The Art of Exploitation
  • The CERT; C Coding Standard
  • The Art of Software Security Assessment

2- Conferences

Conferences are one of the best sources of knowledge. You don’t have to attend all events but for sure you need to listen to most of the sessions. All conferences release their videos talks few months after the end of them. Some of the conferences that you must see their talks are Defcon, Blackhat, Enigma Conference organized by google, CanSecWest, Cairo security camp, AppSec USA and Europe

3- Competitions/Exercises – Security

Participating in capture the flag competitions is very important.It will help all talents to sharpen their skills in cybersecurity. Below are some of the best CTFs that you can join.

Codegate, CSAW, ASIS CTF, Nuit du Hack

Also, there are some platforms that you can use for practice like

Overthewire, CyberTalents, Pentestit.ru, Rootme, Vulnhub, Pwnable.kr


Leave a reply:

Your email address will not be published.

Site Footer