Security Engineer - Apple Ads
At Apple, we focus deeply on our customers’ experience. Apple Ads brings this same approach to advertising, helping people find exactly what they’re looking for and helping advertisers grow their businesses!
Our technology powers ads and sponsorships across Apple Services, including the App Store, Apple News, and MLS Season Pass. Everything we do is designed for trust, connection, and impact: We respect user privacy, integrate advertising thoughtfully into the experience, and deliver value for advertisers of all sizes—from small app developers to big, global brands. Because when advertising is done right, it benefits everyone!
We're seeking an Information Security engineer who is passionate about protecting our critical infrastructure and services!
As an Information Security engineer, you will collaborate with engineering leaders, developers, quality engineers, and security teams to secure Ad Platforms’ applications and services, present and future. Your responsibilities will include assessing the risk landscape for products, and helping drive risk mitigation. You will work with partner teams on security tools, penetration testing, and security testing methodologies to keep Ad Platforms services secured.
You'll experience a constantly evolving technology and threat landscape and contribute to the education of teams on compliance activities throughout the development lifecycle. You should expect to be exposed to a broad range of systems, including web applications, big data, distributed processing, and virtualized environments.
RESPONSIBILITIES INCLUDE
- Conducting security reviews of the service stack, including applications built on cloud and new technologies
- Helping build new security tooling and services to support developers at scale
- Performing security testing on new applications, products, and features before they are released
- Reviewing source code for potential security issues
- Designing and automating security test cases to check for vulnerabilities or broken/missing security controls
- Providing specific risk assessment and remediation guidelines for developers and business owners
- Triaging and reviewing findings from security tools including static and dynamic scanners
- Researching the latest security best practices, trends, threats and vulnerabilities, and technology frameworks
- Documenting and disseminating security guidelines for common security issues, remediation guidance, and security baselines
- Working with developers to provide security guidance and mentor them on secure development practices
- Developing tools and exploits to support security testing
- Writing automations to streamline common tasks, tests, workflows, etc.
- Keeping up with industry trends in security technology and threats
- 4+ years of relevant Information Security experience
- Proficient with a scripting language (e.g., Python, Bash, Go).
- Experience with Java or Javascript
- Passion for understanding and researching vulnerabilities and exploitation techniques
- Knowledge of development and integration tools and technologies (e.g. CI/CD)
- Knowledge of securing applications in cloud (i.e. Docker, Kubernetes)
- Experience with common security tools i.e. SAST or DAST
- Understanding of core networking concepts (firewalls, load balancers, etc)
- Understanding of cryptography
- A strong understanding of web application security threats, exploits, prevention (Injection, platform hardening, etc)
- Prior experience/background in web application development
- Ability to triage, reproduce, and recommend remediations for vulnerabilities
- Excellent communication and interpersonal skills
- 7+ years of relevant Information Security experience
Apple is an equal opportunity employer that is committed to inclusion and diversity. We seek to promote equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant.