Penetration Tester

Austin, Texas, United States
Software and Services

Summary

Posted: Oct 9, 2018
Weekly Hours: 40
Role Number: 114357194
Apple is looking for a Penetration Tester to perform network and application security reviews for the Internet Software and Services organization, which includes iTunes, iCloud, Maps, and Siri, among others. Rather than find your thousandth XSS vuln, join us to review innovative code and pen-test systems on a scale you’ll only find at Apple. Here you’ll secure everything from kernel modules to web applications, providing remediations and recommendations on new security features and controls across Apple. You’ll work hands-on with engineers to identify vulnerabilities, assess the security risk of complex systems, and craft creative solutions to keep Apple tight.

Key Qualifications

  • Excited to work with engineers on security features and risk mitigations
  • Passionate about keeping Apple’s customers safe
  • Curious enough to hunt for vulns through large, complex code bases
  • Obsessed with breaking software
  • Able to articulate technical details and risks to lay people
  • 5 years of relevant security experience
  • Deep linux expertise
  • Experience testing low level C components
  • Programming experience in compiled and scripting languages
  • Expertise in common application security tools (fuzzers, proxies, code analysis tools, etc.)
  • Experience attacking cryptographic implementation issues (TLS misconfigurations, etc.)
  • Networking experience

Description

You’ll be breaking (white and black box): Web applications Mobile applications Low level networking components Crypto services Container environments Linux kernel modules Lots of other interesting technologies we can’t include here You’ll be designing: Creative solutions to complex security issues Security tools and services Security automation solutions Threat models for products and environments

Education & Experience

Bachelors degree in Computer Science / Engineering with emphasis in security related fields (or equivalent experience) Certs like OSCP, OSCE, OSEE, etc. beneficial but not necessary Bonus points for community contributions like public CVEs, bug bounty recognition, open source tools, blogs, etc.

Additional Requirements

  • Python, OEL 6, Netscaler, ESXi, Isilon, netapp systems, Cisco familiarity