Monday, Jan 30 2017

Why Facebook is Hiring an Offensive Security Engineer. Should You?



Sometimes the best defense is a good offense. And Facebook is hiring both.


When most companies think of security, they focus on hiring IT professionals who can stop attacks in their tracks. Often, that requires a combination of skills aimed at limiting penetration, closing backdoors, and monitoring for intrusions. While all of these tasks are important to overall security, this approach lacks one key thing: an attacker.


Businesses are often only made aware of vulnerabilities when one is taken advantage of. That means the majority of security operations are reactive in nature. But some organizations have chosen a more proactive approach by hiring penetration experts to test their systems intentionally.

Role of the Internal Attacker

The purpose of an offensive security engineer is to act as an attacker in these scenarios. Their job is to try to make it through security mechanisms just as a hacker would. However, since they are employees of the company, they don’t focus on damage after the fact. Instead, they create their reports, record their techniques, and work with other security personnel to make sure someone outside of the business can’t get in the same way.


Often, the process of breaking into these systems and working your way past security measures is called penetration testing. Essentially, it is determining whether security measures are sufficient by blatantly trying to prove they aren’t.

Not a New Profession

Penetration testing isn’t new to the IT security world. In fact, some companies have been using outside services for this purpose for years. The difference isn’t in the process, but in who ultimately employs the hacker-for-hire.


Many businesses that used to outsource the function have decided to bring professionals on staff instead. In some cases, the reasoning behind the change is the ability to bring on staff who can do more than penetration testing. That way you can essentially have a hacker on call while still finding more value in their work. Other organizations prefer to keep the privacy associated with internal testing.


Even if a third party signs appropriate confidentiality agreements, some businesses are inherently nervous about outsiders getting in. By keeping an offensive security engineer on staff, that role can be completed by an employee instead.

Offense and Defense Go Hand-in-Hand

Creating a strong defense requires a solid understanding of the offense side of the equation. By having both sides represented by employees, businesses have the chance to allow each side to learn from one another. This can lead to stronger defenses based on more capable offenses, and that cycle can continue indefinitely.


If your company could benefit from an offensive security engineer or you’re filling any other IT vacancies, the professionals at The Armada Group can help you find the candidates you need. Contact us today and see how our recruitment specialists can work for you.