Security Engineer, Wearables (rl)

Meta · Big Tech · Burlingame, CA

Security Engineer for Meta's Reality Labs devices, focusing on securing wearables, VR, and consumer electronics. The role involves building and scaling security capabilities like cryptographic provisioning, vulnerability management, and manufacturing security operations. A key responsibility is architecting an agentic AI automation layer for vulnerability management and driving system design for SBOM and vulnerability lifecycle tooling to meet regulatory requirements. The work spans on-device firmware, backend infrastructure, and AI automation, using languages like Rust, C, C++, and Python.

What you'd actually do

  1. Architect an agentic AI automation layer for vulnerability management that spans detection, triage, and remediation, across a large-scale multi-party codebase and thousands of third-party dependencies.
  2. Drive system design for SBOM (Software Bill of Materials) generation and end-to-end vulnerability lifecycle tooling that satisfies regulatory requirements including FDA pre-market cybersecurity guidance for connected devices and EU compliance obligations.
  3. Influence and align the organization’s vision and strategy, while engaging our teams to develop and deliver specific, multi-year roadmaps, programs, and projects.
  4. Own the technical strategy for securing wearable device bring-up: provisioning cryptographic identities at factory sites, enabling security features through Meta's Product Development Process (PDP), and ensuring only authorized devices can access Meta services.
  5. Drive end-to-end security for manufacturing infrastructure: conduct threat modelling to prioritise risks, define infrastructure and cloud security controls and hardening standards, and establish detection and monitoring pipelines that provide continuous visibility into adversarial activity across factory locations.

Skills

Required

  • Experience developing and delivering information on program status for leadership
  • B.S. or M.S. Computer Science, Engineering, or related technical discipline, or equivalent experience
  • Experience leading and managing complex cross-functional programs
  • Experience with exploiting common security vulnerabilities, remediation frameworks, AWS, Threat Modelling, Threat Detection, Security Incident Handling, Infrastructure Hardening
  • 10+ years experience dealing with security issues web programming languages, development practices, and common bug patterns
  • Experience writing software that enables security processes
  • Demonstrated ongoing AI skill development (e.g., prompt/context engineering, agent orchestration) and staying current with emerging AI technologies
  • Experience adhering to and implementing responsible, ethical AI practices (e.g., risk assessment, bias mitigation, quality and accuracy reviews)
  • Experience contributing to the security community (public research, blogging, presentations, etc.)
  • Demonstrated ability to integrate AI tools to optimize/redesign workflows and drive measurable impact (e.g., efficiency gains, quality improvements)
  • Experience with tools and technologies: Rust, C, C++, Python; cryptographic key management and provisioning (HSMs, device identity infrastructure); code signing, secure boot, and device attestation; and SBOM tooling for regulatory compliance

What the JD emphasized

  • regulatory compliance (FDA, EU CRA)
  • satisfies regulatory requirements including FDA pre-market cybersecurity guidance for connected devices and EU compliance obligations
  • agentic AI automation
  • AI automation layer for vulnerability management
  • AI-native vulnerability remediation
  • integrate AI tools to optimize/redesign workflows