Security Engineer, Engineering Solutions
Austin, Texas, United States
Software and Services
The Engineering Solutions team is tasked with building components and applications for both internal use and external customer use. This position will be responsible for implementing standardized security practices across the varied teams that are part of this IS&T division. We are looking for an individual with a background in security, especially in running security programs, project management, and application security. The position will require multi-functional engagement with the Apple Information Security teams, excellent influencing abilities, and interpersonal skills.
- 3+ years of experience in security fields, including web application testing and threat modeling.
- Lead security projects by setting priorities and measurable objectives, multi-functional dependencies, planning, scheduling, communication, implementation, and subsequent monitoring and reporting on the process, progress and results.
- Extensive hands-on experience with security tools like Nessus, Fortify, WebInspect, Checkmarx, Burp, etc.
- Strong knowledge in current security threats, trends, and mitigation.
- Passion for discovering and researching new vulnerabilities and exploitation techniques.
- Passionate about securing Apple’s products & customers.
- Excellent at collaboration, influencing, and creating a strong team environment. Effective time management and prioritization skills.
- Strong communication skills, both verbal and written.
- Able to discuss risk assessments with audiences of various technical & business backgrounds. Demonstrated ability to work in a matrix environment, and ability to influence at all levels. Comfortable with fast-paced, schedule-driven development.
- Experience integrating security practices into product-focused engineering teams.
- Ability to identify gaps in security-focused tooling & lead a peer group through project planning, scheduling, and execution.
- Programming skills in Java, Objective-C, or similar languages a plus.
- Ability to explain security concepts and standard methodologies in order to participate in application architecture reviews.
- Ambitious and proactive with demonstrated creative and critical thinking capabilities.
You will participate in multi-functional work teams with Apple Information Security, Legal, HR, and Operations to understand new initiatives and changes in PCI/PII/SOX policies, which will need to be integrated into our workflows.
- Assist in the review of vulnerabilities found during regular scanning and penetration testing with application/infrastructure owners.
- Report to management on the ongoing status of projects, and serve as an advocate of recommended remediation to mitigate risk to other teams within the organization.
- Work on org vulnerability management to help teams understand security vulnerabilities, perform risk analysis, prioritize and schedule patching activities, and collaborate with other teams to establish security protocols.
- Work with application engineering, infrastructure, AIS, and corporate compliance teams to evaluate the risks of our applications.
- Run projects across multiple teams to make sure the applications go through security reviews.
- Extend the utilization of the security testing team to all application teams under Engineering Solutions, and track the effectiveness of their work against the results of the formal reviews.
- Conduct application security testing and source code auditing for a variety of technologies as needed.
- Work with compliance and internal audit teams to help application teams through regulatory audits, and track compliance and vulnerability management tickets to have them closed before deadline.
- Provide clear and detailed risk assessment and remediation guidelines for developers and business owners.
- Report underlying security issues and propose enhanced security protections.
- Work on information security related projects, compliance auditing, and any new security related initiatives.
- Identify process gaps and opportunities for automation to reduce the weak points in the notification and tracking processes.
Education & Experience
Bachelor's degree (B.S.) or Master's (M.S.) in Computer Science, Engineering, or related field with 2 years' experience.
- Security research on the latest best practices, trends, threats, vulnerabilities, and technology frameworks.
- Documenting and disseminating security guidelines for common security issues, remediation guidance, and security technology baselines.
- Developing tools and exploits to support application security review and/or penetration testing. Work multi-functionally with teams providing security consulting services and driving new security initiatives.