Senior Application Security Engineer
Seattle, Washington, United States
Software and Services
Apple Media Products (AMP) has been leading the digital media industry by constantly developing innovative features since its launch in April 2003. This includes the incredibly successful App Store, Apple Music, Apple TV and more. We are looking for a self starting, energetic individual who is not afraid to question assumptions and with excellent written and oral communication skills. The candidate should have experience developing large-scale systems. The ability to be a good team player under tight deadline constraints in addition to ability to tackle problems with imaginative solutions is key to success in this position.
- 3+ years of experience in web application security, SSDLC, Threat Modeling.
- 5+ years crafting, implementing and supporting highly scalable backend applications.
- Deep understanding of web application security threats, exploits, prevention, HTTP and REST APIs.
- Strong experience with Java and the Java ecosystem.
- Experience with NoSQL & technologies like Cassandra preferred.
- Proficiency in networking concepts (firewalls, load balancers, etc).
- Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc).
- Ability to craft and establish secure coding patterns/standards across multiple code repositories.
- Experience securing infrastructure in public clouds (e.g. AWS, Azure, Google Cloud) and in Kubernetes.
- Familiar with tools and technologies used in penetration testing, vulnerability scanning, SAST and DAST.
As a Security Engineer in the Infrastructure team, you will: Be designing, developing and deploying large scale services and platforms. Conducting security assessments, architecture reviews, threat modeling of the application stack, including applications built on cloud and emerging technologies. Design and develop platform level solutions to promote security related initiatives and improvements. Review source code for potential security issues, recommend and implement fixes. Providing specific risk assessment and remediation guidelines for developers and business owners. Believe in automation and tooling as a critical part of the software lifecycle. Document and disseminating security guidelines for common security issues, remediation guidance, and security baselines. Work with developers and team-mates to provide security guidance and mentor them as necessary. Actively promote improving the security culture and education within the organization. Be curious about how systems work and how they fail, design them to be sustainable in the face of failures. Have some cool war stories to tell from your past experience.
Education & Experience
BS in Computer Science, Mathematics, or EE, or relevant industry experience is required.