Senior Security Engineer

Posted: 26 Sep 2023

Weekly Hours: 40

Role Number:200464227

Are you a security engineer who enjoys using your expertise to help developers build securely? Come help us build our security baselines program, an innovative approach to addressing the industry-wide challenge of scaling security engineering coverage across large organizations.

Key Qualifications

5+ years of work experience in security engineering focused on building secure systems, familiarity with Product Security, Application Security, or Adversarial Simulation such as Penetration Testing is a plus
In-depth knowledge of OWASP Top Ten and ability to describe common vulnerabilities in detail
Familiarity with common security control frameworks, such as NIST
Experience assessing software and services to identify vulnerabilities, enumerate attack surfaces, and highlight security and privacy concerns in complex systems, including offering mitigation strategies
Familiarity and experience with the Secure Development Lifecycle process, including CI/CD pipelines and multi-tenant compute infrastructure and the various security controls woven throughout
Experience advising developers how to build securely, offering guidance through implementation details, and creative solutions where technical constraints exist
Experience developing and driving implementation of frameworks to manage security threats and vulnerabilities
Proficiency in one of the following scripting languages - Python, Java, JavaScript, Golang preferred
Ability and experience ramping up quickly to new tech stacks
Excellent technical written and verbal communications skills
Empathy for our engineering partners, and the ability to collaborate towards practical solutions that meet everyone’s needs

Description

Your role will be to define and advocate for a common set of minimum security requirements, help make it easy for teams to adopt those requirements, and measure progress along the way. This is not a checkbox role, baselines are only meaningful if they are mapped to a reasonable threat, and the recommended mitigation is possible via battle-tested tools that exist today. You’ll set the bar and shape the future of our security standards, by iterating on your experience with engineering team challenges as they adopt practices and tools to develop securely. -Define the achievable, minimum level of security controls a service should have in order to take production traffic -Leverage an understanding of how complex software is written and deployed to identify tools which make it easier to build securely, and curate those that are a good fit for our organization and tech stacks -The ability to investigate and assess internal and externally-created tools and technical solutions, to curate those that are a good fit for our organization and tech stacks -Develop opinionated advice specifying which controls best secure critical workloads, and guide teams on how to implement these controls -Socialize baselines and their guides across engineering teams, and align with leadership on commitments for critical workloads -Drive baseline adoption to critical mass, make it the norm via incremental culture-change -Work with the security assurance team to identify key baseline candidates in need of feasible solutions -Unblock remediation issues, and manage exceptions where necessary -Define metrics for success, and develop dashboards to monitor progress and adoption of controls via development and deploy tools (guardrails, wrappers/libraries, platform features, deployment checks)

Education & Experience

Bachelors degree in Computer Science / Engineering with emphasis in security related fields (or equivalent experience) Certs like OSCP, OSCE, OSEE, etc. helpful but not vital. Bonus points for community contributions like public CVEs, bug bounty recognition, open source tools, blogs, etc.

Additional Requirements

Apple is an Equal Opportunity Employer that is committed to inclusion and diversity. We also take affirmative action to offer employment and advancement opportunities to all applicants, including minorities, women, protected veterans, and individuals with disabilities. Apple will not discriminate or retaliate against applicants who inquire about, disclose, or discuss their compensation or that of other applicants.
Apple will consider for employment all qualified applicants with criminal histories in a manner consistent with applicable law.
Apple's committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities.

Pay & Benefits

At Apple, base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay range for this role is between $131,500 and $243,300, and your base pay will depend on your skills, qualifications, experience, and location.

Apple employees also have the opportunity to become an Apple shareholder through participation in Apple’s discretionary employee stock programs. Apple employees are eligible for discretionary restricted stock unit awards, and can purchase Apple stock at a discount if voluntarily participating in Apple’s Employee Stock Purchase Plan. You’ll also receive benefits including: Comprehensive medical and dental coverage, retirement benefits, a range of discounted products and free services, and for formal education related to advancing your career at Apple, reimbursement for certain educational expenses — including tuition. Additionally, this role might be eligible for discretionary bonuses or commission payments as well as relocation. Learn more about Apple Benefits.

Note: Apple benefit, compensation and employee stock programs are subject to eligibility requirements and other terms of the applicable plan or program.