Security Software Engineer, Systems
Santa Clara Valley (Cupertino), California, United States
Software and Services
The SPEAR team in Apple’s Security Engineering & Architecture organization is hiring a collaborative software security engineer with a drive to improve the security of end user devices. SPEAR is a dedicated team of software engineers that works on security hardening across all of Apple’s operating systems. We focus on projects ranging from surgical adoptions of memory safety technologies to wholesale refactors that reorient key system components to protect the security of our users’ devices. As a Security Software Engineer in SPEAR, you will gain hands-on experience securing a variety of low-level OS software. Your career development will be guided by training and mentorship in secure software development principles, kernel/firmware concepts, and cross-functional project execution. Your work will have a significant impact on the security of all of our users’ devices. As a result of the collective effort of dedicated engineers like yourself, Apple’s products are the most secure consumer devices on the market. Our mission is to continue to advance the state of the art of end user security. Our goal isn’t simply to be the most secure: we’re working to ensure the safety of every user’s digital life, even against the most malicious and well-resourced adversaries.
- Strong interest in software security and a desire to develop your skills in that area
- Experience or coursework in secure software development, vulnerability exploitation, or vulnerability mitigation
- Experience or coursework developing software in low-level environments such as firmware, device drivers, kernel, or hypervisor
- Familiarity with the security properties of compiled languages such as C, C++, Rust, or Swift
- Understanding of vulnerability exploitation and mitigation techniques
- Ability to communicate clearly and effectively about technical topics (verbal and written)
- Enthusiasm to collaborate on challenging cross-functional projects
Each project will involve solving unique challenges while handling the following core responsibilities: Gain familiarity with the implementation and security status of existing codebases. Contribute to the design of software security hardening projects. Projects can include memory safety technology adoption, mitigation deployment, sandboxing/isolation, refactoring, and other approaches as necessary. Update existing low-level software codebases as necessary to achieve project security goals using the most appropriate language, potentially including C, C++, or Swift. Implement project tests to cover relevant security properties, creating unit tests and collaborating with QA or fuzzing teams as necessary. Contribute to documentation and training materials required for partner team to maintain security properties going forward. Communicate empathetically and effectively during all project phases.
Education & Experience
BS in Computer Science or Computer Engineering; or equivalent experience/skills
- This role requires openness to new ways of approaching low-level software to achieve stronger security. While experience in these areas is not required, this could include use of memory safe languages, safer C++ abstractions, and C memory safety extensions.