IAM Architect
Apple is a place where extraordinary people gravitate to do their life's best work. Together we craft products and experiences people once couldn’t have imagined — and now can’t imagine living without. The Apple Service Engineering (ASE) team builds and provides systems and infrastructure that fuel Apple’s services (such as Apple TV, App Store, Apple Music, Apple Fitness, iCloud, Siri, and Maps). We are the foundation on which Apple’s software developers build the products that our customers love. Our services have to scale globally, stay highly available, and meet the high security expectations for our billions of customers.
The Security team within ASE is seeking a highly skilled and hands-on IAM Architect to design, implement, and optimize our Identity and Access Management (IAM) systems. This role requires deep technical expertise in IAM frameworks, authentication protocols, and access control mechanisms. The ideal candidate will be able to apply industry-leading security practices, build and execute identity and access management governance program, as well as drive seamless, secure access across the organization.
Architecting Identity and Access Management at Apple scale requires creativity to build world-class security fitting to our customers expectations. Familiarity with AWS IAM, GCP IAM, and other third party systems is only the beginning, understanding how to scale and transform systems in a safe and secure way requires experience and a deep understanding of how applications are built, deployed, and operated. You will work closely with stakeholders, engineers, product, program, and executives to charter a unification strategy that includes all compute, storage, network, data warehouse, business operations, business applications, and beyond.
YOU WILL:
Lead the design and implementation of scalable IAM infrastructure components ranging from hardware root identity, cryptographic chain of trusts, and fine grain access control
Architect and integrate authentication and authorization frameworks (ACL, RBAC, ABAC, Zero Trust).
Collaborate with security, engineering, and product teams to align IAM strategies with business needs.
Write, present, and communicate to senior executives the principles and benefits of IAM
Lead engineering teams to secure and timely solutions
Contribute code to demonstrate POCs
- 10+ years of experience in Identity and Access Management (IAM) architecture and engineering.
- Hands-on experience with building reliable web-scale policy-based Authentication and Authorization solutions
- Prior experience being a technical/engineering lead on a team in a service organization
- Proficiency in one or more programming languages (Golang, Java, Swift)
- Experience with cloud-based IAM (AWS IAM, Azure AD, Google Cloud Identity)
- Strong problem-solving skills
- Ability to work cross-functionally, including communicating roadmaps, decisions and proposals to senior and executive leadership
- Strong knowledge of privileged access management (PAM) and identity governance solutions.
- Working knowledge of Kubernetes ecosystem
- Understanding of networking security controls and techniques for network isolation
- Understanding of TPM, Hardware Root of Trust, PKI, UEFI Secure Boot, Measured Boot and security attestation architecture for hardware and workload identity provisioning
- Understanding of Linux security subsystems (SELinux, BPF, IPC, etc.)
Apple is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant.