Software Security Engineer, Enterprise Technology Services

Apple
18 days ago
On-site
Austin, Texas, United States
Apple is where individual imaginations gather together, committing to the values that lead to great work. Every new product we build, service we create, or Apple Store experience we deliver is the result of us making each other’s ideas stronger. That happens because every one of us shares a belief that we can make something wonderful and share it with the world, changing lives for the better. It’s the diversity of our people and their thinking that inspires the innovation that runs through everything we do. When we bring everybody in, we can do the best work of our lives. Here, you’ll do more than join something — you’ll add something.

There is a lot that goes into building the most secure yet user-friendly devices in the world. We are a unique Software Development group with a charter to secure our platforms, which include iOS software, iOS Devices, and Mac. We build solutions that are used by our customers, engineering teams, and manufacturing environments. We are looking for a candidate who is passionate about both software and hardware security and enjoys a highly technical, hands-on role in a dynamic and fast-paced environment. This role will be responsible for testing and securing the Software Development Life Cycle, the world-wide hardware manufacturing ecosystem and the associated global IT infrastructure.

As a member of our fast-paced group, you will have the unique and rewarding opportunity to shape and improve the software that allows our products to surprise and delight billions of Apple’s customers every day! If you’re excited by the idea of making a real impact, and joining a team where we pride ourselves in being one of the most diverse and inclusive companies in the world, a career with Apple will be your dream job!

Our organization provides a server-side security solution to enable various Apple product security features. As part of the security team in this group, we are looking for someone who can drive advancements in security practices, proactively identify security vulnerabilities, fortify our platforms against emerging threats and enable continuous innovation. The existing scope of the work includes the following and will be expanded with emerging new technology and new business initiatives.

Perform penetration testing and vulnerability assessments on software applications, API services, and infrastructure.
Develop and execute new test plans, methodologies, and tools for assessing hardware and software security.
Conduct static code analysis to identify and triage application security issues.
Work closely with DevOps and engineering teams to remediate application security vulnerabilities and implement security best practices throughout the Software Development Life Cycle (SDLC).
Assist in application and infrastructure security reviews to identify gaps in best practices, and collaborate with stakeholder teams to improve security posture.
Perform reverse engineering and forensic analysis to identify security vulnerabilities and their exploitability.
Rotate between red and blue functions and conduct simulated attacks & defence.
Develop security strategies, frameworks, tools, and processes to assess and improve the security posture of the organisation.
Collaborate with hardware design teams to integrate security best practices during product development.
Document findings, prepare comprehensive reports, and provide detailed security recommendations for remediation.
Fulfill on-call responsibilities for handling security-related incidents.
Learn continuously and conduct security research to stay updated on the latest threats, vulnerabilities, attack vectors, and mitigation techniques.

Understanding of fundamental IT domains including Networking, Operating Systems, Security Principles, Secure Coding Practices, Cryptography and System Administration.
Knowledge of infrastructure security and physical security best practices.
Understanding of software development and secure coding best practices.
Respect diversity and inclusiveness in a global organisation with ability to collaborate and communicate effectively.
Ability to analyze complex problems, explore the greenfield and devise creative solutions.
Strong team player with adaptability.

Knowledge in reverse engineering and exploit development, especially with hands-on experience in security penetration testing, red team exercises, Capture The Flag (CTF) competitions or security-related hackathons.
Understanding of cryptographic algorithms, secure boot, and secure firmware update mechanisms is a plus.