Security & Compliance Engineer/Developer (SCAP)

Denver, Colorado, United States
Corporate Functions


Posted: Sep 28, 2018
Weekly Hours: 40
Role Number: 114252793
Imagine what you could do here. At Apple, new ideas have a way of becoming great products, services, and customer experiences very quickly. Bring passion and dedication to your job and there's no telling what you could accomplish. Do you have a passion for securing systems and assuring compliance using automation tools such as SCAP? Do you have a passion for designing and running compliance automation at massive scale? Do you want to design and develop automated security and compliance solutions that will make a material impact on Apple’s security and compliance posture? As a member of our team, you will face many challenges of scale and complexity relating to security and compliance activities. Our security & compliance group is seeking a highly talented and motivated senior developer/engineer to design, build, manage, and support compliance tooling, both new and existing, for the Apple environment. The experienced candidate will help design, deploy and handle tools and infrastructure to tightly integrate multiple compliance mechanisms, take care of increasing the scale and manageable (big data) of security at Apple, as well as participate in other strategic security and compliance service delivery initiatives.

Key Qualifications

  • Experience with STIG and CIS standard methodology baselines
  • Experience with and knowledge of SCAP and XCCDF development using both Oval and SCE
  • Fluent user/sysadmin of the Linux operating system
  • Fluent in at least two scripting languages, such as Perl, Python, Go, or shell (Django, JSP and/or JS a plus)
  • Fluent in one or more object-oriented programming languages, such as Java or C++
  • 3+ years supporting compliance and security in a high volume, critical environment
  • Knowledge of/experience with DevOps tools, processes, and culture
  • Knowledge of security frameworks and tools, exploits and attacks
  • Experience with Version Control softwares (RCS, SVN, Git, CVS,…)
  • Experience with large-scale configuration management tools such as Puppet and Ansible
  • Strong background in Agile development
  • Superior organizational, interpersonal, and communications skills
  • Self-motivated with a self-starter attitude


You are highly creative, self-motivated, and excel in a diversified fast-paced environment. You will design and develop core compliance and security tooling and services that will allow Apple to continue growing at an accelerating pace. These are tools and services that will help secure Apple’s infrastructure. You craft highly effective infrastructure and are able to combine commercial, open source and proprietary components as it applies to the problem at hand. DAY-TO-DAY ACTIVITIES WILL INCLUDE: - Create scripts, XCCDFs, and programs that test and monitor for security and compliance controls - Anticipate and prevent failures - Reduce alerting noise by only alerting individuals when there really is a problem - Build tracking, monitoring and report systems for the resources - Assist with security compliance activities and initiatives

Education & Experience

Bachelor’s degree in Computer Science or in a related discipline

Additional Requirements

  • CISSP, CISA/CISM, GSLC; or ability to obtain them within 6 months of hire