Senior Application Security Engineer
Seattle, Washington, United States
Software and Services
Apple Media Products (AMP) has been leading the digital media industry by constantly developing innovative features since its launch in April 2003. This includes the incredibly successful App Store, iTunes, Apple Music, and more. We are looking for a self-starting, energetic individual with excellent written and oral communication skills who is not afraid to question assumptions. The candidate should have experience developing large-scale systems. The ability to be a good team player under tight deadline constraints, along with the ability to tackle problems with imaginative solutions, is key to success in this position.
- 3+ years of experience in web application security, SSDLC, Threat Modeling
- 5+ years crafting, implementing and supporting highly scalable backend applications
- Deep understanding of web application security threats, exploits, prevention
- Deep understanding of HTTP and REST APIs
- Ability to triage, reproduce, recommend remediations and implement fixes for vulnerabilities
- Passion for understanding and researching vulnerabilities and exploitation techniques
- Proficiency in networking concepts (firewalls, load balancers, etc.)
- Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)
- Keeps up with industry trends in security technology and threats
- Ability to craft and establish secure coding patterns/standards across multiple code repositories
- Experience securing infrastructure in public clouds (e.g. AWS, Azure, Google Cloud)
- Familiarity with tools and technologies used in penetration testing, vulnerability scanning, SAST and DAST
- Ability to work in a self-directed, fast-paced, highly collaborative environment on cross-functional projects that are high profile and critical to the Apple Media Products services (App Store, Apple Music, etc.)
- Strong experience with Java and the Java ecosystem
- Mentor team members on writing code that is efficient, maintainable and testable.
- Experience with NoSQL & technologies like Cassandra preferred.
As a Security Engineer in the Infrastructure team, you will:
- Design, develop and deploy large scale services and platforms.
- Conduct security assessments, architecture reviews, and threat modeling of the application stack, including applications built on cloud and emerging technologies.
- Design and develop platform level solutions to promote security related initiatives and improvements.
- Review source code for potential security issues, and recommend and implement fixes.
- Write security test cases to check for vulnerabilities or broken/missing security controls.
- Provide specific risk assessment and remediation guidelines for developers and business owners.
- Conduct penetration testing against our applications, services, and environments, reporting underlying security issues and proposing appropriate security controls.
- Believe in automation and tooling as a critical part of the software lifecycle.
- Research the latest security standard methodologies, trends, threats and vulnerabilities, and technology frameworks.
- Document and disseminate security guidelines for common security issues, remediation guidance, and security baselines.
- Be a teammate, a leader, a student, and a mentor.
- Work with developers to provide security guidance and mentor them as necessary.
- Actively promote improving the security culture and education within the organization.
- Be eager to learn new technologies and solutions.
- Be curious about how systems work and how they fail, and design them to be sustainable in the face of failures.
- Have some cool war stories to tell from your past experience.
Education & Experience
BS in Computer Science, Mathematics, or EE, or relevant industry experience is required.