Senior Security Engineer
Singapore, Singapore, Singapore
We’re a diverse collection of thinkers and doers, continually reimagining our products, systems, and practices to help people do what they love in new ways. This is a deeply reciprocal place, where everything we build is the result of people in different roles and teams working together to make each other’s ideas stronger. That same real passion for innovation that goes into our products also applies to our practices, strengthening our dedication to leave the world better than we found it. Our scope includes everything from customer applications like iCloud and iTunes, to enterprise services like retail payment systems that support our physical and online storefronts. We work multi-functionally with teams Apple-wide, providing security consulting services and driving new security initiatives. Our talented team of security experts is a key to our success.
- You will have experience in manual testing web applications or enterprise penetration testing
- Experience with a scripting language (e.g. Perl, Python, PHP, Ruby) and a programming language (e.g. Java, Objective-C)
- Proficiency in either Mac OS X and/or other flavors of UNIX
- Ability to explain basic networking concepts (routing, ACL, load balancers, SSL/TLS, TCP) in order to provide application architecture feedback
- Background in web application development and/or code auditing strongly preferred
- Strong verbal & written skills
- Passion for discovering and researching new vulnerabilities and exploitation techniques
This role supports the 24/7 coverage in a follow-the-sun model that the team provides for:
- Identification and remediation of high priority [web] application/environment security issues, including:
  - Screening potential issues
  - Providing remediation guidance
  - Conducting validations of potential fixes or mitigations
  - Providing risk and impact assessments of vulnerabilities or proposed mitigations
- Supporting other 24/7 Information Security teams with application security expertise
This team provides coverage on weekends and weekdays during waking hours in each region. Position hours are 10 hours a day, 4 days a week. Team members need to be confident working on certain weekend days.
Additional responsibilities may include:
- Conducting security architecture review of the full stack including applications built on cloud and emerging technologies
- Conducting manual application security testing and source code auditing for a variety of technologies
- Providing clear and detailed risk assessment and remediation guidelines for developers and business owners
- Conducting penetration testing targeting critical Apple data, services, and environments; reporting underlying security issues and proposing improved security protections
- Security research on the latest standard methodologies, trends, threats and vulnerabilities, and technology frameworks
- Documenting and disseminating security guidelines for common security issues, remediation mentorship, and security technology baselines
- Developing tools and exploits to support application security review and/or penetration testing
There may be occasional travel to meet other team members in other regions.
Education & Experience
- BS in Computer Engineering with specialization in Information Security or 4+ years of equivalent, hands-on information security experience in a large enterprise environment a plus.
Apple is an equal opportunity employer that is committed to inclusion and diversity. We also take affirmative action to offer employment and advancement opportunities to all applicants, including minorities, women, protected veterans, and individuals with disabilities. Apple will not discriminate or retaliate against applicants who inquire about, disclose, or discuss their compensation or that of other applicants.