Application Security Lead, Ad Platforms
Santa Clara Valley (Cupertino), California, United States
Software and Services
At Apple, we work every day to create products that enrich people’s lives. The Advertising Platforms group makes it possible for people around the world to easily access informative and imaginative content on their devices while helping publishers and developers promote and monetize their work. Our technology and services power ads in Apple News and Search Ads in the App Store. We are seeking an expert application security engineer who is passionate about protecting critical internal and customer-facing applications and APIs.
- Deep understanding of application security patterns including web application security (SQL Injection, XSS, CSRF, platform hardening, etc)
- Passionate about Application Security with 5+ years of meaningful experience
- Proficient knowledge of SQL
- Proficient with a scripting language (e.g. Perl, Python, Bash, etc).
- Proficiency with Java
- Real passion for understanding and researching vulnerabilities and exploitation techniques
- Knowledge of development, integration, and deployment tools and technologies, especially security aspects of these tools including static code analysis and screening for common vulnerability and exposures.
- Proficiency in networking concepts (firewalls, load balancers, etc)
- Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption of data at rest, SSL/TLS, hashing, authenticated encryption, key derivation algorithms, symmetric vs asymmetric ciphers, block vs stream ciphers, etc)
- Experienced knowledge of common web application vulnerabilities and ability to triage/verify OWASP Top 10 issues
- Strong knowledge of industry trends in security technology
- Confirmed proven communication and interpersonal skills
- You have the ability to thrive in a high-pressure environments and crisis situations
- Ability to multi-task, handling multiple projects at once, and drive for results independently
- You know how to drive projects to a goal when strategies and tactics have not yet been defined
- You can partner with individuals at all levels in the organization and teams with varying levels of security expertise
- Prior experience and consistent track record leading multiple projects at a time
- Highly motivated individual and a dedicated learner
As an app security engineer, you will collaborate with engineering leaders, developers, quality engineers, and security teams to secure Ad Platforms’ applications and services, present and future. Your responsibilities will include assessing the risk landscape for our applications and services implementing risk mitigation strategies. You will work with partner teams on security tools, penetration, and security testing methodologies to keep Ad Platforms services tight. You will experience a rapidly evolving technology and threat landscape and contribute to the education of teams on secure application design, development, and testing. You should expect to be exposed to a broad range of systems, including web applications, distributed processing, and virtualized environments. RESPONSIBILITIES INCLUDE Conducting security architecture reviews of the full stack including applications built on cloud and emerging technologies Conducting application security testing and source code auditing for a variety of technologies Providing clear and detailed risk assessment and remediation guidelines for developers and business owners Conducting penetration testing targeting critical Ad Platforms data, services, and environments; reporting underlying security issues and proposing enhanced security protections Security research on the latest best practices, trends, threats and vulnerabilities, and technology frameworks Documenting and disseminating security guidelines for common security issues, remediation guidance, and security technology baselines Developing tools and exploits to support application security review and/or penetration testing Identify areas that are ripe for improvement and establish appropriate security goals Influence and collaborate with the organization to develop secure solutions and to accomplish stated security goals
Education & Experience
BSCS Apple is an Equal Opportunity Employer that is committed to inclusion and diversity. We also take affirmative action to offer employment and advancement opportunities to all applicants, including minorities, women, protected veterans, and individuals with disabilities. Apple will not discriminate or retaliate against applicants who inquire about, disclose, or discuss their compensation or that of other applicants.