Principal Security Engineer, Detection and Response
Seattle, Washington, United States
This position can be located in Seattle (WA), Austin (TX), or Santa Clara Valley (CA). Imagine what you could do here. At Apple, new ideas have a way of becoming extraordinary products, services, and customer experiences very quickly. Bring passion and dedication to your job and there's no telling what you could accomplish. We are seeking an extraordinary Information Security Engineer who is passionate about security incident detection and response, and can thrive in a fast- paced environment where both individual drive and team collaboration are the keys to success. This is a technical hands-on role that is focused on public and private cloud security across all of Apple. You’ll be working to identify problems, establish a vision for how to address those problems, and unite the relevant owners within the business on achieving that vision!
- To be successful, you must have deep technical expertise in threat intelligence and hunting, incident detection at scale, and creating effective incident containment and response practices, coupled with a broad understanding of the security and information technology landscape. You must be able to influence without authority, innovate to tackle tough problems, and communicate clearly to all levels of the organization.
- Significant technical depth in security incident detection and response:
- Deep understanding of attack models (such as MITRE’s ATT&CK framework), and experience applying them in large-scale enterprise environments
- Deep understanding of information security intelligence and threat-hunting, preferably with hands-on experience deploying an activity-based intelligence (ABI) model
- Hands-on experience in creating and deploying the instrumentation and data capturing capabilities to ensure visibility in large-scale, heterogenous deployments
- Practical application of detection and response methodologies in a variety of environment types, including on premises, private cloud, and public cloud providers
- Hands-on experience with effective incident response and containment practices
- Fluency in building and deploying software using modern engineering practices
- Fluency in at least one programming language, preferably multiple
- Familiarity with the application of Machine Learning in a security context, including its capabilities and limitations
- A broad base of technical knowledge spanning many of the fields of information technology
- Examples: software engineering, system administration, network engineering, governance and compliance
- Experience delivering results in an enterprise environment
- Ideally from a position of little or no direct authority
- Ideally in efforts that span teams or organizations
- Communicate clearly and effectively
- You must have excellent writing skills
- You must be able to target your communications to the audience, whether technical or not, whether an executive or a front-line individual
You will join a team that is responsible for ensuring that Apple has a clear vision and agreed upon goals that support our mission to protect Apple and Apple’s customers. We use our expertise in security, our knowledge of software development and information technologies, and our extensive knowledge of Apple's history, organizations, and capabilities, to bridge gaps, connect people, and invent novel solutions. You will need to have strong foundational knowledge in all areas of Information Security, superb interpersonal skills, and the ability to drive initiatives in a large teams. The role also requires a strong ability to work under pressure with incomplete information, and an ability to adapt to changing priorities. This role is focused on security detection and response across Apple, with specific responsibilities including: - Definition of vision and strategic plans - Design and evaluation of software and infrastructure architectures - Research on industry landscape and technology developments - Authoring technical reports and position papers - Partnering with leaders and engineers to influence and define execution plans - Presenting to audiences at varying levels of the organization - Ownership of multi-functional and cross-organizational programs as the “directly responsible individual” - Creating prototypes and/or proof of concepts to demonstrate that a proposed solution would work - Mentorship of junior engineers and technical leaders
Education & Experience
The ideal candidate will have at least 10 years of relevant industry experience, plus a Bachelors in Computer Science or Engineering with an emphasis in Information Security or a related field, or equivalent experience.