Application Server and Security Engineer, Apple Media Products
San Francisco, California, United States
Software and Services
Imagine what you could do here. At Apple, new ideas have a way of becoming extraordinary products, services, and customer experiences very quickly. Bring passion and dedication to your job and there's no telling what you could accomplish. Would you like the stimulation and challenges of building a world-class, extraordinary scalable commerce platform? Then this is the opportunity for you at Apple! We strive to provide a flawless purchase and subscription experience for our for millions of customers and developers. We are looking for a self-starting, energetic individual who is not afraid to question assumptions or charge head-first into gray areas. Excellent written and oral social skills are a must to collaborate in our multi-functional environments. The ideal candidate should have several years' experience developing large-scale web-based applications using object-oriented languages. Excellent understanding of relational databases and data-modeling techniques are needed, and Cassandra or other NoSQL knowledge are a plus. We are primarily a Java shop.
- Experience crafting, implementing and supporting highly scalable backend applications. Deep understanding of HTTP and API development.
- Experience with secure SDLC, Threat Modeling and SAST. Knowledge of development/integration tools and technologies (e.g. CI/CD)
- Background in web application development and code auditing strongly preferred
- Proficiency in networking concepts(firewalls, load balancers, etc)
- Experience working with infrastructure in public cloud (e.g. AWS, Azure, Google Cloud)
- Passion for understanding and researching application security, vulnerabilities and exploitation techniques.
- Ability to triage, recommend remediations and complete fixes as needed.
- Ability to craft and establish secure coding patterns/standards across multiple code repositories. Mentor team members on writing code that is secure, efficient, maintainable and testable.
- Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc)
- Keeps up with industry trends in security, technology and threats
- Ability to work in a self directed, dynamic environment, that is highly collaborative and multi-functional projects that are high profile and critical to the Apple.
Contribute in designing, developing and deploying large scale services and platforms Conduct security architecture reviews of the application stack, including applications built on cloud and emerging technologies Design and develop platform level solutions to promote security related initiatives and improvements. Review source code for potential security issues, recommend and implement fixes. Write security test cases to check for vulnerabilities or broken/missing security controls Provide specific risk assessment and remediation guidelines for developers and business owners Develop tools and processes for collecting metrics and reporting on technology adoption, vulnerabilities and other critical metrics Helping manage and triage findings from security tools and static and dynamic scanners Document and disseminate security guidelines for common security issues, remediation guidance, and security baselines. Work with developers to provide security guidance and mentor them as necessary. Actively promote improving the security culture and education within the organization. Influence and collaborate with the organization to develop secure solutions and to accomplish stated security goals Research the latest security standard methodologies, trends, threats and vulnerabilities, and technology frameworks Eager to learn new technologies and solutions Be a champion for Application Security
Education & Experience
BS in Computer Science or equivalent experience.