Vulnerability Management Engineer

Shanghai, Shanghai, China
Software and Services


Weekly Hours: 40
Role Number:200164545
Apple Information Security is responsible for protecting Apple’s data in transit and at rest. Apple employees and partners are always moving information from one system to another, or storing it on a server or device. Our job is to make sure Apple's information doesn't fall into the wrong hands. We are building a world-class team of security practitioners in Shanghai. This is a rare opportunity to be involved in something new from the beginning. As a member of our team, you will have the opportunity to collaborate with multi-functional partners both internal and external to Apple. Among the groundbreaking services you will have the opportunity to focus on is iCloud in China. We are looking for self-motivated individuals with an intuition for security who are not afraid to question assumptions. The ability to be results-driven, comfortable with dynamic requirements, and effective communicating cross-culturally are keys to success in this position. Show us your talent in this challenging, fun, and exciting environment. It’s what makes us Apple.

Key Qualifications

  • Strong communication skills
  • Highly collaborative with a high standard of ethics
  • Ability to adapt to changing priorities and manage parallel activities
  • Knowledge of computer networks and common protocols (for example TCP/IP, UDP, DNS, FTP, SSH, SSL/TLS, HTTP)
  • Experience with SQL and Linux
  • Experience with Python
  • Experience with big data - using big data log collection and correlation tools for data analytics
  • Expertise building and using log aggregation and distributed monitoring tools (for example Splunk, Elastic Stack)
  • Proficiency in English language


You will join a team that passionately stays ahead of emerging security vulnerabilities and threats, keeps cool amidst crisis, and advocates every day for improving the security of Apple products and services. As a Vulnerability Management Engineer, you will: Strategize vulnerability management for the application and business teams; Author clear, authoritative responses to vulnerability queries; Provide guidance to engineering teams regarding the impact of security issues; Work closely with project management to drive issues to closure. Successful candidates will exhibit some of the following characteristics: Very good understanding of vulnerability scanning tools Excellent understanding of common vulnerabilities including OWASP Top 10 and the ability to judge their severity and impact to the business Strong understanding of cloud deployments and assessing associated security risks Good knowledge in container solutions using Kubernetes Proficient with SDLC and security development best practices Ability to provide precise guidance on vulnerability queries Preference for knowledge of large-scale security solutions integration Proficient in programming languages such as python, Golang and Scala Good knowledge of integrating very large data sets - analyze the data and present relevant metrics Ability to serve as the escalation point for critical vulnerability remediation activities including coordinating plans and validation Ability to support “on call” for any security incidents during local hours

Education & Experience

B.S. in Computer Science, Engineering, equivalent degree, or relevant work experience in information technology or related field within the last 10 years.

Additional Requirements

  • Apple is an Equal Opportunity Employer that is committed to inclusion and diversity. We also take affirmative action to offer employment and advancement opportunities to all applicants, including minorities, women, protected veterans, and individuals with disabilities. Apple will not discriminate or retaliate against applicants who inquire about, disclose, or discuss their compensation or that of other applicants.