Apple Information Security, Senior Assessor (Engineer)
Minato, Tokyo-to, Japan
Summary
Posted: Oct 23, 2024
Role Number: 200575242

We bring amazing people together to make amazing things happen! We’re a diverse collective of problem solvers and doers, continuously reimagining our products and practices to help people do what they love in new ways. That innovation is inspired by a shared commitment to great work — and to each other. Because learning from the people here means we’re learning from the best.

Apple is seeking a highly skilled and technically proficient Information Security Assessor (Engineer) to join its Apple Information Security SPAN organization within the Supplier Trust function. The ideal candidate will possess an extensive technical background in Information Security, with substantial experience in conducting end-to-end security assessments that span from risk identification to remediation implementation.
Description
In this role, you will work with a global team of security professionals to assess, analyze, and strengthen the security posture of Apple’s critical manufacturing and corporate suppliers. You will be responsible for conducting in-depth vulnerability assessments, performing technical audits, and utilizing advanced tools and methodologies for threat detection and network traffic analysis. Your expertise in security frameworks (e.g., NIST, ISO 27001) and automated scripting (e.g., PowerShell, Python) will be critical in identifying vulnerabilities and implementing technical remediation strategies to secure the supply chain. Your contributions will help safeguard Apple’s customers, brand, and data by ensuring suppliers adhere to strict security controls, mitigating risks across the entire supply chain. This role offers a unique opportunity to work on cutting-edge technologies, participate in network security reviews, and develop automated solutions with a worldwide impact, enhancing the security of Apple’s global operations.
Minimum Qualifications
- Ability to evaluate, conduct security assessments of, and monitor the security posture of third-party Suppliers.
- Proven experience in handling and conducting large-scale security remediations, with a track record of effective threat mitigation.
- Ability to provide guidance to Suppliers on mitigating risks posed by open Information Security gaps in assessment reports.
- Skills to deliver recommendations and timely updates to management on the risk level of Suppliers.
- Experience working with large-scale, globalized, multi-lingual business environments.
- Experience with Wireshark, tcpdump, NetFlow, or other tools for analyzing and troubleshooting network traffic.
- Hands-on experience with security tools like Nmap, Nessus, Burp Suite, or Metasploit.
- Familiarity with SIEM, IDS/IPS, firewalls, and endpoint protection solutions.
- Knowledge of security frameworks such as NIST, ISO 27001, SOC 2, or similar.
- Ability to develop security metrics that track the efficiency of controls and remediation efforts, and to generate reports that give management insight into the organization’s security posture.
- Ability and skills to ensure all security assessments and remediation activities are aligned with relevant regulatory requirements and industry standards.
Preferred Qualifications
- Outstanding communication skills and attention to detail on sophisticated issues within various cultural settings.
- Strong personal leadership traits such as self-accountability, priority management, and pride in work.
- Relevant industry certifications such as CISSP, CISM, CRISC, CEH or OSCP.
- Knowledge of PowerShell, Python, or similar scripting languages for automation and network tasks.
- Ability to interpret and analyze network data from traffic analysis tools and system audits.
- Familiarity with supply chain security and vendor risk management.
- Familiarity with cloud security tools and environments (e.g., AWS, Azure).
- Knowledge of data privacy regulations such as GDPR, CCPA.
- Knowledge of DevSecOps and security automation practices.
- Outstanding professional working proficiency in different languages.