Security Engineer - Apple Ads

At Apple, we focus deeply on our customers' experience. Apple Ads brings this same approach to advertising, helping people find exactly what they're looking for and helping advertisers grow their businesses. Our technology powers ads and sponsorships across Apple Services, including the App Store, Apple News, and MLS Season Pass. Everything we do is designed for trust, connection, and impact: We respect user privacy, integrate advertising thoughtfully into the experience, and deliver value for advertisers of all sizes-from small app developers to big, global brands. Because when advertising is done right, it benefits everyone.

Description As a Senior Security Engineer on the Apple Ads team, you'll play a key role in protecting the security and integrity of critical systems powering one of Apple's most dynamic businesses. You will collaborate with engineers across product, infrastructure, and compliance teams to identify risks, influence secure architecture, and implement scalable defenses. Your work will directly impact how millions of users safely experience advertising within Apple's ecosystem. Key responsibilities include: - Conducting deep-dive security reviews of cloud-native and web applications - Leading threat modeling, risk assessment, and security validation for new services and features - Building and maintaining internal security tools and automations to support developer workflows - Reviewing infrastructure-as-code, source code, and APIs for security flaws - Triaging and responding to security vulnerabilities identified through static/dynamic analysis and bug reports - Designing automated tests and mitigations for recurring classes of security risks - Mentoring engineering teams on secure coding, architecture, and operational practices - Researching industry trends, emerging attack techniques, and evolving technologies to proactively strengthen our defenses - Automating security workflows and detection capabilities, leveraging AI where possible

Minimum Qualifications

• 5+ years of hands-on experience in information security (7+ preferred)
• Proficiency in Python (preferred) or another scripting language such as Bash or Go
• Strong understanding of application security principles and web vulnerabilities (OWASP Top 10, etc.)
• Experience securing cloud environments (AWS preferred; Azure or Google Cloud Platform acceptable)
• Familiarity with CI/CD pipelines and integrating security into the development lifecycle
• Experience with static and dynamic analysis tools (e.g., Semgrep, Burp Suite, Checkmarx)
• Solid understanding of authentication, encryption, network security, and vulnerability management
• Ability to assess complex risks, propose mitigation strategies, and collaborate across functions
• Excellent communication and interpersonal skills

Preferred Qualifications

• Passion for customer privacy
• OSCP, OSWE, or other industry-recognized security certifications
• Experience mentoring developers or leading secure development initiatives
• Background in infrastructure-as-code and security automation (e.g., Terraform, Ansible, Jenkins)
• Knowledge of container security and Kubernetes environments
• Familiarity with threat intelligence, incident response, and secure software architecture

Apple is an equal opportunity employer that is committed to inclusion and diversity. We seek to promote equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant .