Job Details

Role Number: 200641117-3956

Summary

We are seeking an exceptional and highly experienced Security Engineer to play a pivotal role in shaping the design and ensuring the robust security of our most critical applications and foundational infrastructure.

In this high-impact role, you will lead sophisticated threat modeling exercises, conduct comprehensive application security assessments, and perform advanced penetration testing that meticulously emulates real-world adversary tactics. Beyond assessments, you will drive innovation by developing tools to streamline threat modeling and proactively mitigate emerging risks across our vast ecosystem.

Our scope spans across Apple and includes customer-facing and internal corporate applications. Our team is primarily responsible for supporting highly critical foundational infrastructure and security services. We work cross-functionally with teams Apple-wide, providing security consulting services and driving new security initiatives. Our hardworking team of security professionals is key to our success.

Description

As an Engineer in Apple Information Security, you will:
* Perform full-stack security architecture reviews, encompassing cloud-native and emerging technologies.
* Conduct manual application security testing and source code auditing across diverse technologies, providing clear and detailed risk assessments and remediation guidelines for developers and business owners.
* Conduct penetration testing targeting critical Apple data, services, and environments. Report underlying security issues and propose enhanced security protections.
* Conduct in-depth security research on the latest industry best practices, emerging trends, threats, vulnerabilities, and technology frameworks.
* Develop and disseminate comprehensive security guidelines, remediation guidance, and security technology baselines for common issues.
* Develop custom security tools, exploits, and products to improve threat modeling, application security reviews, and penetration testing capabilities.
* Research and develop tools to improve static analysis framework capabilities (e.g. accuracy, coverage, and efficiency of detections).

Minimum Qualifications

• Extensive experience in designing, reviewing, and implementing secure architectures for complex applications and infrastructure.

• Extensive experience manually testing web applications and/or enterprise penetration testing.

• Extensive experience with a scripting language (e.g. Python, PHP, Ruby) and a programming language (e.g. Java, Swift, C).

• Proficiency in some form of UNIX.

• You have the ability to explain basic networking concepts (routing, ACLs, load balancers, SSL/TLS, TCP) in order to provide application architecture feedback.

• You have a background in web application development and/or code auditing.

• You have strong verbal and written interpersonal skills.

• You have a real passion for discovering and researching new vulnerabilities and exploitation techniques.

• You are deeply accountable for your work.

• You are upbeat, adaptable, and results-oriented with a positive attitude.

• BS in Computer Engineering with specialization in Information Security or 4+ years of equivalent, hands-on information security experience in a large enterprise environments a plus.

Preferred Qualifications

• Experience with offensive and automation tool development.

• Experience with vulnerability scanning tools: network, SAST, and DAST.

• Familiarity with testing services that employ AI/LLMs and the OWASP Top 10 for LLMs.

• Experience leveraging AI/LLMs for security testing and automation.

• Experience with one or more public cloud services (e.g. AWS, GCP, AliCloud).

• Experience with Kubernetes and container security.

• Experience with common authentication protocols (e.g. SAML, OIDC).

Apple is an equal opportunity employer that is committed to inclusion and diversity. We seek to promote equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant (https://www.eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf) .