I only use Indeed.com so that my info is only siphoned from one place. I feel like they have good listings and they have options to hide some of your info from employers and random observers. Avoid linkedin at all costs, having a profile has gotten me zero benefits and it is an extreme pain deleting your account.
You can also take steps to protect your contact info, specifically your email/phone/address. I only put the city I’m from on my resume and you can use email masks or alts like firefox relay or protonmail plus, or just make a separate email only for work. For phone numbers I use JMP.chat to give me a second number to use solely for work and Indeed.
In the end a lot of your work info is gonna be pseudo-public, because you do need to convince prospective employers of who you are, but you can control the sphere of that information to keep it confined. Imo, having a stable job is worth that trade; you don’t have to do a deep dive into your personality or personal life to get a job. Just enough to be convincing
I second CalyxOS, been using it for about a year now and I think it’s a good compromise between privacy and convenience. Is it the absolute most secure and private? Maybe not, but my threat model is low and I don’t mind trading a little bit of privacy for a bit of ease of use.
With firefox or a hardened fork of firefox (like mull/fennec/iceraven etc.) there is a button in settings where you can install/add to homescreen and have an app-like experience for any site including instagram. (Not sure if this is on ios though.) You can also have noscript, ublock origin, and privacy badger addons running for a bit of extra protection and as you said email alias and vpn at all times. If you’re on a hardened OS like CalyxOS or Graphene you can also sandbox or work profile the browser to add another degree of separation.
You may run into problems during signup because meta has been known to use viseo/photo upload verification for accounts made with alias emails and/or from a vpn IP, but once you’re in there shouldn’t be an issue. If there is, you might want to bite the bullet and sign up in a normal way, then use privacy measures to mitigate data collection, depending on your threat model.