Overview
USD 175,800.00 - 264,200.00 per year
Full Time
Skills
Software Development
Innovation
Auditing
System On A Chip
Integrated Circuit
Design Patterns
Collaboration
Partnership
Payments
Computer Science
Computer Engineering
Reporting
ROOT
Network Protocols
Objective-C
Operating Systems
Web Browsers
Research
Communication
Firmware
Computer Hardware
Reverse Engineering
Scripting
Python
Scala
Writing
Programming Languages
C
C++
Job Details
Imagine what you can do here. Apple is a place where extraordinary people gather to do their lives' best work. Together we create products and experiences people once couldn't have imagined, and now, can't imagine living without. It's the diversity of those people and their ideas that inspires the innovation that runs through everything we do.
Description
APPLE INC has the following available in Cupertino, California and various unanticipated locations throughout the USA.
- Triage and assess externally reported security vulnerabilities affecting Apple products.
- Analyze and prioritize vulnerability reports based on their severity and ease of exploitation.
- Identify the root cause of security vulnerabilities.
- Collaborate with engineering teams to resolve the security vulnerabilities.
- Propose design changes or mitigations to fix classes of security vulnerabilities.
- Conduct vulnerability discovery and research.
- Perform variant analysis of externally reported vulnerabilities to find patterns of vulnerable software in other Apple software projects.
- Manually audit software.
- Use static analysis tools to write queries to look for vulnerable patterns in software.
- Write fuzzing harnesses for reachable attack surfaces that might be of interest to attackers.
- Analyze different processor systems that are part of the Apple SoC (system on a chip) from a security standpoint.
- Write targeted fuzzers to uncover security vulnerabilities in co-processors.
- Analyze the communication mechanism between the main application processor and other co-processors.
- Identify security vulnerabilities in co-processor firmware and companion kernel drivers.
- Assess 0-day threats affecting Apple devices.
- Reverse engineer binaries to recover exploit chains used in 0-day attacks.
- Write scripts for reverse engineering tooling (such as the IDA disassembler) for de-obfuscation or to aid in reverse engineering.
- Present novel research on identifying individual security vulnerabilities as well as vulnerable design patterns in Apple products in partnership with team members during team meetings.
- Share tools and techniques used for finding and assessing security vulnerabilities with other team members.
40 hours/week.
At Apple, base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay range for this role is between $175,800 and $264,200/yr, and your base pay will depend on your skills, qualifications, experience, and location.
PAY & BENEFITS: Apple employees also have the opportunity to become an Apple shareholder through participation in Apple's discretionary employee stock programs. Apple employees are eligible for discretionary restricted stock unit awards, and can purchase Apple stock at a discount if voluntarily participating in Apple's Employee Stock Purchase Plan. You'll also receive benefits including: comprehensive medical and dental coverage, retirement benefits, a range of discounted products and free services, and, for formal education related to advancing your career at Apple, reimbursement for certain educational expenses, including tuition. Additionally, this role might be eligible for discretionary bonuses or commission payments as well as relocation. Learn more about Apple Benefits. Note: Apple benefit, compensation and employee stock programs are subject to eligibility requirements and other terms of the applicable plan or program.
Apple is an equal opportunity employer that is committed to inclusion and diversity. We seek to promote equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant.
Minimum Qualifications
- Bachelor's or foreign equivalent in computer science, computer engineering, or related field and 2 years of experience in the job offered or related occupation.
- 2 years of experience with each of the following skills is required:
  - Using cryptographic protocols and network protocols to assess external vulnerability report impact by identifying root cause cryptographic protocols and network protocols.
  - Using programming languages including C, C++, and Objective-C to identify and fix security vulnerabilities in codebases.
  - Analyzing and triaging externally reported security vulnerabilities affecting software and hardware.
  - Security technologies including operating system security, co-processor security, browser security, and other security features and mitigations.
  - Performing vulnerability detection and research requiring knowledge of processor architecture, inter-processor communication mechanisms, and firmware and hardware security.
  - Writing Python scripts for reverse engineering tooling including IDA disassembler for de-obfuscation or aiding in reverse engineering.
  - Coverage-guided fuzzing and grammar-based, structure-aware fuzzing.
  - Scripting and programming languages including Python, Scala and C for writing tools.
  - Different bug classes affecting native programming languages, including memory corruption issues affecting C and C++.
Preferred Qualifications
- N/A
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.