Sr. Security Architecture Engineer

Santa Clara Valley (Cupertino), California, United States
Software and Services

Summary

Posted:
Role Number: 200112087
Imagine what you could do here. At Apple, new ideas have a way of becoming extraordinary products, services, and customer experiences very quickly. Bring passion and dedication to your job and there's no telling what you could accomplish. Apple has an opportunity for a Sr. Security Architecture Engineer. In this role you will conduct architecture security reviews, threat modeling, application testing, and penetration testing modeled after real world attackers (i.e., exploit and pivot). The focus of this role will be ensuring secure architecture and standard methodologies are followed and engaging in threat modeling with teams to address risks. Our scope includes everything from customer applications like iCloud and iTunes, to enterprise services like retail payment systems that support our physical and online storefronts. We work multi-functionally with teams Apple wide providing security consulting services and driving new security initiatives. Our talented team of security experts is a key to our success.

Key Qualifications

  • You have experience with Software and\or Security Architecture reviews
  • Experience with Threat Modeling and use of Threat Modeling tools and frameworks
  • Experience manually testing web applications or enterprise penetration testing
  • Experience with a scripting language (e.g. perl, python, PHP, ruby) and a programming language (e.g. JAVA, Objective C)
  • You are proficient in either Mac OS X and/or other flavors of UNIX
  • You have the ability to explain basic networking concepts (routing, ACL, load balancers, SSL/TLS, TCP) in order to provide application architecture feedback
  • You have a background in web application development and/or code auditing strongly preferred
  • You have Strong verbal & written social skills
  • You have the ability to interact with diverse teams and explain security issues and concepts clearly
  • You have a real passion for discovering and researching new vulnerabilities and exploitation techniques
  • You are deeply accountable for your work
  • You are upbeat, adaptable, and results oriented with a positive attitude

Description

We conduct security architecture review of the full stack including applications built on cloud and new technologies. We conduct threat modeling exercises with application teams during the full SDLC. We conduct manual application security testing and source code auditing for a variety of technologies. Provide clear and detailed risk assessment and remediation guidelines for developers and business owners. We Conduct penetration testing targeting critical Apple data, services, and environments. Report underlying security issues and propose enhanced security protections. - Security research on the latest best practices, trends, threats and vulnerabilities, and technology frameworks - Documenting and disseminating security guidelines for common security issues, remediation guidance, and security technology baselines - Develop tools and exploits to support application security review and/or penetration testing

Education & Experience

BS in Computer Engineering with specialization in Information Security or 4+ years of equivalent, hands-on information security experience in a large enterprise environments a plus.

Additional Requirements