Senior Security Engineer - Red Team
Software and Services
Apple Cloud Services (ACS), the team behind iCloud services and the infrastructure that powers them, is looking for experienced security engineers to partner with engineering teams working on significant services. You will collaborate with developers, site reliability engineers, and security teams to protect ACS services. On the ACS Security Red Team, we focus on deep technical security review work of critical ACS services and infrastructure. Your work will include full end-to-end security assurance activities including security architecture, threat modeling and extensive security testing. These security reviews will either be scoped and focused on review depth, or objective-oriented with exploit chain enumeration. You will be working with partner teams in security engineering, privacy, detection and design review to keep Apple's services secure for our users. If you love diving into a complex and important system, and driving the security of that system over time, we want to talk with you!
- Six or more years of experience in an information security field or software engineering
- Four or more of those years included conducting security reviews, threat modeling, tracking findings, and communicating risk to engineering and leadership teams
- Extensive infrastructure, cloud and application security experience.
- Ability to reason about security of a large and complex application or infrastructure
- Ability to influence software architecture for security
- Desire to go deep on complex systems for extended engagements
- Desire to construct narratives and build exploit chains
In this role, you will scope and lead focused security reviews on critical internet-scale applications and supporting infrastructure. You will also lead and scope goal- or objective-oriented Red Team exercises. Your Red Team exercises will include the standard phases of attacker emulation, like reconnaissance, exploitation, pivoting and stealth. Using insights from these engagements, you will help define, document, and automate security best practices, as well as advocate for platform-wide security enhancements to raise the security bar for all engineering teams at Apple!
YOU WILL BE:
- A technical expert responsible for enumerating exploit chains
- A technical expert capable of identifying engagement scope, planning reviews, then executing those reviews to identify vulnerabilities and improvement opportunities
- Able to identify areas that are ripe for improvement and establish appropriate security goals
- Adept at building relationships with engineering and leadership teams to drive security improvements
- Current on new security technologies, vulnerabilities, and methodologies
- An excellent verbal and written communicator
- Able to develop proof of concept systems to automate security recommendations, vulnerability discovery, and process workflows
- Responsible for security decisions impacting hundreds of millions of users
Education & Experience
Bachelor's degree in Computer Science / Engineering or a related field, with emphasis in security-related fields (or equivalent experience). Community contributions like public CVEs, bug bounty recognition, open source tools, blogs, talks etc.
- Apple is an Equal Opportunity Employer that is committed to inclusion and diversity. We also take affirmative action to offer employment and advancement opportunities to all applicants, including minorities, women, protected veterans, and individuals with disabilities. Apple will not discriminate or retaliate against applicants who inquire about, disclose, or discuss their compensation or that of other applicants.
- Apple will consider for employment all qualified applicants with criminal histories in a manner consistent with applicable law.
- Apple is committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities.