Sr. Cyber Security Incident Response Analyst
Shanghai, Shanghai, China
Software and Services
Apple Information Security is responsible for protecting Apple’s data in transit and at rest. Apple employees and partners are always moving information from one system to another, or storing it on a server or device. Our job is to make sure Apple's information doesn't fall into the wrong hands. We are building a world-class team of security practitioners in Shanghai. This is a rare opportunity to be involved in something new from the beginning. As a member of our team, you will have the opportunity to collaborate with multi-functional partners both internal and external to Apple. Among the groundbreaking services you will have the opportunity to focus on is iCloud in China. We are looking for self-motivated individuals with an intuition for security who are not afraid to question assumptions. The ability to be results-driven, comfortable with dynamic requirements, and effective communicating cross-culturally are keys to success in this position. Show us your talent in this challenging, fun, and exciting environment. It’s what makes us Apple.
- Strong communication skills
- Highly collaborative with a high standard of ethics
- Ability to adapt to changing priorities and manage parallel activities
- Experience in information security with focus on incident response, security engineering, and/or intrusion detection
- Experience working in a Security Operations Center and/or a Computer Incident Response Team
- Knowledge of computer networks and common protocols (for example TCP/IP, UDP, DNS, FTP, SSH, SSL/TLS, HTTP)
- Experience with SQL and Linux
- Proficiency in one or more programming/scripting languages (for example Python, Go, C/C++).
- Experience with big data - using big data log collection and correlation tools for data analytics
- Experience in using log aggregation and distributed monitoring tools (for example Splunk, Elastic Stack)
- Proficiency in English language
You will join a team of best in-class security monitoring and threat analysts working on technology and processes with global reach. This role is an integral part of the security controls that Apple uses to protect its customers, brand, and data. As a Senior Cybersecurity Incident Response Analyst, you will: Perform daily operational monitoring; Manage information security events escalated to the threat analyst team; Function as an intrusion analyst to examine security events for context, risk, and criticality. Successful candidates will exhibit some of the following characteristics: Thorough understanding of incident response, cyber kill chain, threat modeling, and attack vectors. Ability to analyze endpoint, network, and application logs. Experience analyzing network traffic and using deep packet inspection tools. Demonstrated ability to work in a team environment. High level of motivation and enthusiasm for learning. Technical knowledge of Mac OSX and Linux Operating Systems preferred. Experience with disk and memory forensic tools preferred. Experience with the writing and tuning of IDS signatures preferred. Knowledge of CVEs and recent security vulnerabilities preferred. Excellent problem solving skills combined with hands-on experience doing root cause analysis and post incident reviews preferred. Ability to analyze malware and obfuscated code preferred. Knowledge of web application vulnerabilities with ability to triage/verify OWASP Top 10 issues preferred. Experience with creation of comprehensive technical reports preferred.
Education & Experience
B.S. in Computer Science, Engineering, equivalent degree, or relevant work experience in information technology or related field within the last 10 years.
- Apple is an Equal Opportunity Employer that is committed to inclusion and diversity. We also take affirmative action to offer employment and advancement opportunities to all applicants, including minorities, women, protected veterans, and individuals with disabilities. Apple will not discriminate or retaliate against applicants who inquire about, disclose, or discuss their compensation or that of other applicants.