Security Engineer

Summary

Posted: Dec 17, 2024
Weekly Hours: 38
Role Number:200583493

Security Engineering & Architecture (SEAR) is at the core of Apple’s product security strategy and we’re fanatical about protecting our users. We are building a new team to defend our most valuable security boundaries and mitigations by bringing new data-driven insights delivered at scale. We're looking for an outstanding Security Engineer to join our small, fast-paced team to help implement our renewed strategy to achieve continuous security policy enforcement and rapid regression detection. As a Security Engineer, you will design and develop security automations to support the rollout of new security technologies, and uphold the effectiveness of existing security boundaries and mitigations. The role is expansive covering opportunities for impact across the entire software development lifecycle. When it comes to securing more than a billion devices running the world's most sophisticated operating systems, continuous security assurance is paramount. Can you make a difference on this scale? Join our extraordinary team of security engineers and help protect all Apple users.

Description

You will be part of the foundational team who partner with security engineering teams, to determine the data-driven insights and automations we need to build, to enforce security invariants and policies, in a continuous fashion, in order to provide high confidence in the integrity of our frontline mitigations and boundaries. Once regressions or violations are detected, the team is also responsible for ensuring we’ve built the right relationships, agreements and processes to efficiently get these fixed as quickly as possible. We're a small team of passionate engineers who thrive in a fast-paced environment, driven by unique and novel challenges, and deliver things that go beyond what traditional automation could do. You will be working alongside a wide variety of teams and your influence will be felt throughout Apple's extraordinary products, including: the iPhone, Apple Vision Pro, Mac and Apple TV. We’re looking for someone with a strong understanding of security engineering principles, software delivery, and secure SDLC; and an understanding of the engineering challenges, organisational dynamics, and the process trade-offs of building a continuous security capability. If you enjoy creative, critical and independent thinking, we’ve love to hear from you. The job is as diverse as it is essential. Your responsibilities will also include harnessing a vast array of available build data (dynamic and static) to derive meaningful security insights, learning how our software is built end-to-end at Apple to determine the most impactful intervention points, partnering with infrastructure engineers to get your automations deployed to production, and helping engineers that work on Apple products to make better - more secure - choices during development. This position may require some travel to other Apple sites, vendors, and security conferences.

Minimum Qualifications

• Proven experience building and integrating security-enforcing controls across the full software lifecycle
• Programming background in Python, Swift, C, C++, and/or Objective-C
• Knowledge of OS security fundamentals including contemporary mitigation techniques and vulnerability classes
• Exceptional ability to communicate clearly and effectively about technical topics (verbal and written)

Preferred Qualifications

• Knowledge of macOS and iOS security architectures
• Knowledge of observability tools and techniques
• Experience building visualisations for complex technical information
• Enthusiasm for new technologies and growth
• Experience driving security projects to identify software regressions
• Experience with CI/CD integrations, binary analysis, telemetry analysis, build verifiers, IDE and compiler security plug-ins and/or engineer security training