Apple Media Products (AMP) - DevSecOps Software Engineer
London, Greater London, United Kingdom
Software and Services
Apple Media Products Engineering are the team behind high profile services such as the Apple Arcade, Apple Music, Apple TV+ and more. The people here at Apple don’t just build products — they build the kind of wonder that’s revolutionized entire industries. It’s the diversity of those people and their ideas that encourages the innovation that runs through everything we do, from amazing technology to industry-leading environmental efforts. Join Apple, and help us leave the world better than we found it. Here at AMP Delivery Engineering our mission is to improve every software engineer’s life at Apple Media Products by building innovative tools. We’re looking for a highly motivated engineer to join our team and craft the security future of AMP Services. You will improve the security and reliability of internet services used by hundreds of millions of users. You’ll analyze how software is authored, tested, built and deployed and improve all aspects of the process - with a focus on security. You’ll adapt open source security and testing tools and write new ones.
- Experience in web application security, SSDLC & Threat Modeling
- Deep understanding of web application security threats, exploits, prevention
- Ability to prioritize, reproduce, recommend remediations and implement fixes for vulnerabilities
- Experience in penetration testing, vulnerability scanning, SAST and DAST
- Knowledge of development and integration tools and technologies (e.g. CI/CD)
- Knowledge of test automation frameworks and how they can be brought to bear for security QE
- Proficiency in networking concepts (firewalls, load balancers, etc)
- Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc)
- Experience securing infrastructure in public cloud (e.g. AWS, Azure, Google Cloud)
- Having a background in web application development and/or code auditing strongly preferred
- Several years of experience in Java required - additional experience in the programming languages Scala, Ruby, Python or Perl are a plus
- Practical experience building and testing RESTful services.
- Proven experience architecting, developing and deploying internet-scale, distributed and mission critical services is a plus.
- Hands on experience with Build & Deploy technologies such as Maven, Gradle, Jenkins, Artifactory, Sonarqube, GIT, Github Enterprise.
- Experience with cloud technologies such as Docker, Kubernetes, Helm and Spinnaker.
Would you like to improve the security and reliability of internet services used by hundreds of millions of users? Here at AMP Delivery Engineering our mission is to improve every software engineer’s life at Apple Media Products by building innovative tools that increase the levels of quality and security in the Software Development Life Cycle (SDLC). A strong culture of security testing and review needs to be cultivated and maintained in order to accomplish this. This role focuses on integrating security measures and tools into our in- house CI/CD automation. Candidates should be passionate about automated security testing and continuous deployment. You’ll analyze how software is authored, tested, built and deployed and improve all aspects of the process - with a focus on security. You’ll adapt open source security and testing tools and write new ones, then measure the efficiency of your efforts by customer productivity and the safety in their code. OUR DEVSECOPS ENGINEERS ARE RESPONSIBLE FOR: - Conducting security assessments, architecture reviews, threat modeling of the application stack, including applications built on cloud and emerging technologies - Designing and developing platform level solutions to promote security related initiatives and improvements. - Reviewing source code for potential security issues, recommend and implement fixes. - Helping manage and triage findings from security tools and static and dynamic scanners - Pen testing against our applications, services, and environments - Research the latest security standard methodologies, trends, threats and vulnerabilities and technology frameworks - Work with developers to provide security guidance and mentor them as necessary. - Actively promote improving the security culture and education within the organization.
Education & Experience
Bachelors or Master’s degree in Computer Science, Mathematics, or meaningful industry experience preferred