SEAR - Senior Security Researcher
Santa Clara Valley (Cupertino), California, United States
Software and Services
Apple’s Red Team believes the best defense is a good offense. When it comes to securing the world's most advanced operating systems, that means finding vulnerabilities first. We're looking for a talented and inspired individual to join our crack group of security engineers to attack Apple's products before they ship, with the goal of better safeguarding our users. You’ll become part of an exceptional team focusing on securing low level technologies such as the iOS and OS X kernel, boot ROMs, firmware, hardware, and basebands. Rooted in the Security Engineering and Architecture organization, you’ll be working with a wide variety of teams and vendors. Your influence will be felt throughout Apple's extraordinary products, such as the iPhone, iPad, Mac and Apple TV. Not only will you be tasked with identifying threats in advance, you'll also be directly involved in Apple's response to critical issues as they arise. From reverse engineering an exploit, providing insightful analysis and creating innovative tools, consulting with other teams on both hardware and software, auditing code and reviewing designs, the job is as diverse as it is critical.
- A proven track record in finding security vulnerabilities in shipping products.
- Programming background, in C, C++, and/or Objective-C.
- Proficiency with assembly languages, ARM a big plus.
- Familiarity with modern processor architecture.
- Background in secure coding best practices and code auditing.
- Have an understanding of past, current, and emerging security exploit types.
- Proficiency in scripting language(s).
- Proficiency in either Mac OS X or other flavors of UNIX.
- Have the ability to track and manage numerous parallel activities.
This position requires someone with strong technical strengths and a passionate desire to secure systems by showing how they can be broken. Is there any gadget in your home you have not disassembled? Do new security techniques lead not to despair, but insomnia in the pursuit of an exploit? Do you take delight in the reaction of a previously security unconscious engineer when showing how their code leads to a buffer overflow? If so, this may be the job for you. We're looking for someone who will.... - Develop fuzzers and other automated tools for vulnerability finding. - Provide security design consulting to other teams. - Assist with audit of security critical code and hardware. - Reverse engineer malware.
Education & Experience
BS in Computer Science or equivalent experience/skills
- The following are desired, but not required:
- - Experience creating working proof of concepts from found vulnerabilities on systems with advanced anti exploitation measures (NX/XN, ASLR etc). Experience designing and architecting systems with security in mind.
- - Native code experience in Objective-C, C++, or Swift is a plus