Build Security Engineer

Apple is where individual imaginations gather together, committing to the values that lead to great work. Every new product we build, service we create, or Apple Store experience we deliver is the result of us making each other's ideas stronger. That happens because every one of us shares a belief that we can make something wonderful and share it with the world, changing lives for the better. It's the diversity of our people and their thinking that inspires the innovation that runs through everything we do. When we bring everybody in, we can do the best work of our lives. Here, you'll do more than join something - you'll add something.\\n\\nSoftware is often referred to as the \\\"soul\\\" of Apple's products. This role sits at the intersection of security and software engineering, with direct responsibility for protecting the systems and infrastructure used to manage, build, and distribute Apple's software. The Build Security Engineer will conduct threat modeling and security assessments, partner with engineering teams to uphold security standards, and develop technical solutions that strengthen Apple's build infrastructure security posture end to end.

The Build Security Engineer is a key contributor to the security of Apple's software supply chain. This role requires deep technical security expertise applied across threat modeling, offensive security assessments, and the development of security controls - all in close collaboration with the engineering teams who build and maintain Apple's most critical software infrastructure. The role also involves creating documentation, mentoring teammates, and staying current with the evolving threat landscape to proactively address risk.

3+ years of experience in cybersecurity, with hands-on experience in threat modeling, security assessments, or penetration testing\nExperience in a software engineering or security operations role\nExperience with scripting or programming languages such as Python or Bash\nExperience working cross-functionally with engineering teams on security requirements or controls

Experience conducting penetration testing or red team exercises, particularly targeting build pipelines or software supply chain components\nExperience leveraging LLMs safely to accelerate various security workflows\nExperience with container orchestration platforms such as Kubernetes\nProficiency in additional programming languages such as Go (Golang) or Perl\nFamiliarity with cybersecurity frameworks and standards (e.g., NIST, CIS, SLSA)\nExperience mentoring engineers or junior security team members on security concepts and best practices\nTrack record of identifying and driving remediation of vulnerabilities in complex software environments\nStrong written and verbal communication skills with the ability to present technical findings to varied audiences\nSecurity certifications such as OSCP or CISSP