Application Security Engineer
San Francisco, California, United States
Software and Services
Imagine what you could do here. At Apple, new ideas have a way of becoming extraordinary products, services, and customer experiences very quickly. Bring passion and dedication to your job and there's no telling what you could accomplish. Would you like the stimulation and challenges of building a world-class, extraordinary scalable commerce platform? Then this is the opportunity for you at Apple! We strive to provide a flawless purchase and subscription experience for our for millions of customers and developers. We are looking for a self-starting, energetic individual who is not afraid to question assumptions or charge head-first into gray areas. Excellent written and oral interpersonal skills are a must to collaborate in our multi-functional environments. The ideal candidate should have several years experience developing large-scale web-based applications using object-oriented languages. Excellent understanding of relational databases and data-modeling techniques are needed, and Cassandra or other NoSQL knowledge are a plus. We are primarily a Java shop.
- 3+ years of experience in web application security, SSDLC, Threat Modeling
- Deep understanding of web application security threats, exploits, prevention
- Ability to triage, reproduce, recommend remediations and implement fixes for vulnerabilities
- Experience in penetration testing, vulnerability scanning, SAST and DAST. Familiar with tools and technologies used.
- Passion for understanding and researching vulnerabilities and exploitation techniques
- Knowledge of development and integration tools and technologies (e.g. CI/CD)
- Knowledge of test automation frameworks and how they can be brought to bear for security QE
- Proficiency in networking concepts (firewalls, load balancers, etc)
- Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc)
- Keeps up with industry trends in security technology and threats
- Experience securing infrastructure in public cloud (e.g. AWS, Azure, Google Cloud)
- Having a background in web application development and/or code auditing strongly preferred
- Ability to work in a self directed environment that is highly collaborative and cross functional
Conducting security assessments, architecture reviews, threat modeling of the application stack, including applications built on cloud and emerging technologies Design and develop platform level solutions to promote security related initiatives and improvements. Review source code for potential security issues, recommend and implement fixes. Write security test cases to check for vulnerabilities or broken/missing security controls Providing specific risk assessment and remediation guidelines for developers and business owners Helping manage and triage findings from security tools and static and dynamic scanners Conduct penetration testing against our applications, services, and environments; reporting underlying security issues and proposing appropriate security controls Research the latest security standard methodologies, trends, threats and vulnerabilities, and technology frameworks Document and disseminating security guidelines for common security issues, remediation guidance, and security baselines Work with developers to provide security guidance and mentor them as necessary. Actively promote improving the security culture and education within the organization.
Education & Experience
B.S. degree in Computer Science. M.S. preferred.