Austin, Texas, United States
Software and Services
Imagine what you we could do together. At Apple, new ideas have a way of becoming excellent products, services, and customer experiences very quickly. Bring passion and dedication to your job and there's no telling what you could accomplish. The Identity Management Services (IdMS) team at Apple is a high-performance client & server engineering team responsible for building large-scale systems that supports Apple’s customer facing services such as iCloud, iTunes, Messages, FaceTime, Online store and others. You’ll join a team of engineers who are dedicated to development & security of world’s most advanced consumer devices. Our products are trusted for storing personal data, and our goal is to better safeguard our users. We're looking for hardworking and inspired individuals to help raise the bar on the security of Apple's products!
- Passionate about keeping Apple’s customers safe
- Thorough understanding of potential attack vectors such as XSS, injection, hijacking, social engineering, and so on.
- Thorough understanding of cryptographic primitives and their underlying principles. Experience digging into cryptographic implementation issues (TLS misconfigurations, etc.)
- Demonstrate experience in Information Security with focus on Incident Response, Security Engineering, and/or Intrusion Detection.
- You will have experience with analysis of network traffic and usage of Deep Packet Inspection tools
- Demonstrated an understanding of Incident Response, Cyber Kill Chain, Threat Modeling, and Attack Vectors.
- Knowledge of CVEs and recent security vulnerabilities.
- Ability to analyze malware and obfuscated code.
- Knowledge of web application vulnerabilities with ability to triage/verify OWASP Top 10 issues.
- A good working knowledge of various security technologies such as network and application firewalls, host intrusion prevention and anti-virus etc.
- You have a solid knowledge of computer networks and common protocols: TCP/IP, UDP, DNS, FTP, SSH, SSL/TLS, HTTP, and etc. as well as their underlying implementations.
- Thorough understanding of Content Delivery Networks and their integration into applications.
- Basic programming proficiency, sufficient to write and execute scripts from the command line.
- Active in the security community. Regularly attends meet-ups or conferences.
- Excellent communication skills. Ability to translate complex ideas into simple solutions on paper.
- An ability to work under pressure, particularly when taking care of threats and at times of high demand.
As System Security professionals, we are looking for individuals who take initiative in preventing and mitigating security breaches that may arise from vulnerabilities in computer systems. This field covers a range of areas of expertise, including information security, network security, and mobile security. The individual must “think like a hacker” in order to anticipate the main vectors of likely attack by malicious outsiders. They should have a keen eye for the most minute details, plus a well-rounded and in-depth knowledge of computer systems and the tools of the trade. YOU’LL BE BREAKING (WHITE AND BLACK BOX): Web applications Mobile applications Low level networking components Crypto services Container environments Linux kernel modules YOU’LL BE DESIGNING: Creative solutions to complex security issues Security tools and services Security automation solutions Threat models for products and environments
Education & Experience
Bachelors degree in Computer Science / Engineering with emphasis in security related fields (or equivalent experience) Certs like OSCP, OSCE, OSEE, etc. helpful but not necessary Community contributions like public CVEs, bug bounty recognition, open source tools, blogs, etc. are a plus