Connecting job seekers with genuine opportunities — always free to apply Post a Job Free →

Application Security Engineer

Meta

Full-time Hybrid United States

Job Description

About This Role

Meta is hiring an Application Security Engineer to protect its platforms and the billions of people who use them. You will partner with product and infrastructure engineering teams to identify, assess, and remediate security vulnerabilities — and build the tooling that prevents them from recurring.

Job Overview

  • Job Title: Application Security Engineer
  • Company: Meta
  • Location: Menlo Park, CA / New York, NY / Seattle, WA / Washington, DC / Austin, TX
  • Job Type: Full-time
  • Experience Level: Mid-level (2–5 years)
  • Salary Range: $55–$72/hr
  • Posted Date: 2026-06-01
  • Application Deadline: 2026-07-01

Role Context

Meta's security engineers are embedded within product and infrastructure teams rather than sitting in a centralized security silo. You will conduct security design reviews, threat modeling, and code-level audits for features being shipped to billions of users. The expectation is to shift security left — catching issues during design and build, not just in testing or production.

Key Responsibilities

  • Conduct security design reviews and threat modeling for new product features
  • Perform code audits to identify vulnerabilities including injection, auth bypass, and logic flaws
  • Develop automated security testing tools and scanners to scale security coverage
  • Respond to vulnerability reports from Meta's bug bounty program and triage findings
  • Consult engineering teams on secure coding practices and framework-level mitigations
  • Define security requirements and contribute to internal security standards

Requirements & Skills

  • 2+ years in application security, penetration testing, or secure software development
  • Strong understanding of web and mobile security vulnerabilities (OWASP Top 10 and beyond)
  • Coding experience in Python, JavaScript, PHP, or similar — enough to audit and write exploits
  • Familiarity with authentication protocols (OAuth 2.0, SAML, OIDC)
  • Experience with static analysis tools (SAST) or dynamic testing (DAST, fuzzing)
  • Ability to communicate security risk clearly to non-security engineers and leadership

Benefits & Work Conditions

  • $55–$72/hr with RSUs and semi-annual performance bonuses
  • Hybrid work model with remote flexibility
  • Security conference attendance and research time budget
  • Full health, dental, vision, and mental health benefits
  • $3,000 annual education and wellness reimbursement

Who Should Apply

Security engineers who are as comfortable reading source code as they are thinking like an attacker. You care about protecting real users at scale, enjoy building tools as much as finding bugs, and want to work in an environment where your security expertise directly shapes how products are built.

About the Company

Meta runs one of the most active bug bounty programs in the industry and employs hundreds of security engineers across application, infrastructure, and privacy domains. Its security teams operate with a high degree of autonomy and direct access to engineering leadership.

How to Apply

Apply through Meta Careers. Search "Application Security Engineer." The interview includes a technical security assessment, a system design or threat modeling session, and a behavioral discussion.

Job Details

Salary $55 – $72 / month
Job Type Full-time
Work Mode Hybrid
Location Menlo Park, CA
New York, NY
Seattle, WA
Washington, DC
Austin, TX
Apply Before Jul 03, 2026
Important: We never charge any fee at any stage of the hiring process. If anyone asks for money, report it to [email protected].
Apply on Company Website
Similar Jobs

No similar jobs found.