Enterprise Application / Platform Security Engineer
Santa Clara Valley (Cupertino), California, United States
Software and Services
The Identity Management Services team at Apple is a high-performance server engineering team responsible for building large-scale systems that support Apple’s own customer-facing services such as iCloud, iTunes, Messages, FaceTime, Online store and many third-party applications that integrate with Apple. We are looking for a forward-thinking application security engineer who can ensure that the applications we build meet the most stringent security standards. The candidate should have a passion for application security, be a specialist in modeling threats and in conducting penetration testing, and thrive in a fast-paced environment.
- Experience in securing and hardening of highly available, distributed and large-scale applications.
- Strong understanding of Java, J2EE, XML/JSON, OOD, related development tools and technologies.
- Expertise in web services security vulnerabilities and designing solutions to address them.
- Expertise in open standards and protocols (HTTP/HTTPS, TLS, PKI, OAuth 2, SAML 2, cryptography, etc.).
- Expertise in modeling threats and ability to map them to the business domain.
- Expertise in penetration testing tools and techniques.
- Passion for security, with the ability to conduct design reviews and surface vulnerabilities early.
- Ability to connect with a multifaceted set of team members such as developers, testers, SREs and executive management.
- Expertise in building testing tools and frameworks that can be plugged into the CI pipeline.
This is an individual contributor role and requires the candidate to analyze software applications and systems from a security perspective, model threats, conduct testing and work with the larger development team to address security issues.
Responsibilities
- Analyze project requirements to understand potential threats and attack surfaces.
- Conduct design and code reviews to understand the solution design and build threat models.
- Prepare risk assessment document.
- Recommend security-focused design and implementation guidelines.
- Collaborate closely with development team members to conduct penetration testing early and often.
- Build tools to conduct ongoing pen testing in our testing and production environment.
- Help implement security-focused monitoring tools.
- Mentor and coach application developers on security standard methodologies.
- Act as development team liaison for other security teams in Apple.
- Keep track of public literature and vulnerability reports, and understand the security state of the art to inform the product roadmap.
Education & Experience
- Bachelor's (B.S.) in Computer Science, Engineering or related field with 7+ years of application security experience.
- Master's (M.S.) in Computer Science, Engineering or related field with 5+ years of application security experience.
- Experience in Identity and Access Management domain is a big plus (authentication, authorization, provisioning, etc.).
- Exposure to Project Management skills and tools