Security Architect, Apple Media Products
San Francisco, California, United States
Software and Services
Imagine what you could do here. At Apple, new ideas have a way of becoming extraordinary products, services, and customer experiences very quickly. Bring passion and dedication to your job and there's no telling what you could accomplish. Would you like the stimulation and challenges of building a world-class, extraordinarily scalable commerce platform? Then this is the opportunity for you at Apple! We strive to provide a detailed purchase and subscription experience for our millions of customers and developers. We are looking for a self-starting, energetic individual who is not afraid to question assumptions or charge head-first into gray areas. Excellent written and oral interpersonal skills are a must to collaborate in our multi-functional environments. The ideal candidate should have several years of experience developing large-scale web-based applications using object-oriented languages. An excellent understanding of relational databases and data-modeling techniques is needed, and Cassandra or other NoSQL knowledge is a plus. We are primarily a Java shop.
- 10+ years of experience in application architecture and security. Deep understanding of service-oriented architecture, building internet-scale, distributed and mission-critical services.
- Extensive knowledge of security issues faced by internal/external facing applications and ability to articulate their impact on technical and business users
- Demonstrated ability to build and execute complex, performant and highly secure designs. Experience implementing strategies to support secure and compliant architectures.
- Knowledge of network architectures, topologies and concepts (Firewalls, LB, WAF, CDN, VPC, ACL)
- Experience with full software development lifecycle, likes to champion secure-SDLC, comfortable working with SAST/DAST/SCA tools and committed to “shift left” strategy.
- Experience with architecture and security reviews, threat modeling applications and identifying areas of risk.
- Experience securing infrastructure in public cloud (e.g. AWS, Azure, Google Cloud) and cloud security/governance tools.
- Experience with assessment, development, implementation, optimization and documentation of a comprehensive set of security technologies and processes around inventory, data protection, crypto, key management, identity and access management.
- Experience with containers and Kubernetes.
- Familiar with compliance regulations e.g. PCI, GDPR, SOC2, SOX
- Ability to craft and establish secure coding patterns/standards across multiple teams.
- Ability to triage, recommend remediations and implement fixes if needed.
- Ability to collaborate with multi-functional teams located in different time zones to drive fixes and alignment to established policies.
- Keeps up with industry trends in security technology and threats
Work with other security leads to define the org’s security program, measure alignment, suggest/implement changes, present to steering committee and engineering teams. Work on defining the security initiatives roadmap and implementation plan. Work with engineering teams during design to build secure services, conducting security architecture reviews of the application stack, including applications built on cloud and emerging technologies. Provide SME support, security guidance and mentoring. Work with engineering teams to evaluate new platforms, technologies and patterns. Work with other architects and engineers to develop tooling and framework components to allow easy adoption of security best practices e.g. auth, transport encryption, tracing. Work with central information security team to prioritize and address open issues and plan for security initiatives, red teaming and compliance audits. Publish and maintain coding standard methodologies, guidelines and policies, review source code for potential security issues. Mentor team members on writing code that is efficient, maintainable, testable and secure. Publish and maintain open source best practices, guidelines and policies. Determine training topics and material (with partners), determine audience, facilitate training and measure efficiency. Analyze threat response triggers, suggest additional monitoring criteria and provide support during incidents. Stay on top of industry trends and threats/vulnerabilities. Research the latest security standard methodologies, trends, threats and vulnerabilities, and technology frameworks.
Education & Experience
BS in Computer Science or equivalent experience.