Security Engineer- Apple Maps

Apple Maps Security seeks security engineers to partner with engineering teams developing new products and features. We work directly with developers, site reliability engineers, and security teams to protect Maps services and build a secure foundation. In this role, you deliver end-to-end security assurance, drive security architecture, conduct threat modeling, lead security testing, and manage risk. We collaborate with partners in Infosec, privacy, and legal to keep Apple services secure for users. Ready to drive impactful security improvements at Apple Maps? Apply now and join our team! \\n

An architect in the Maps Security team will lead security architecture reviews across diverse application stacks, develop tooling and frameworks to streamline the security testing and validation process, identify systemic issues and drive improvements, mentor developers and peers to adopt a security mindset and practices. Key responsibilities include developing and executing security cases to uncover vulnerabilities and missing controls. You will deliver actionable risk assessments and remediation guidance to developers and leadership as a trusted advisor. The role involves performing source code analysis and adversary simulation across applications, APIs, and environments. You will design robust defenses and secure-by-design solutions. Staying informed about emerging threats and translating insights into enhanced security measures is essential. You will author security guidelines, baselines, and playbooks to elevate organizational standards. \n

Application and Infrastructure Security expert with 10+ years' experience.\nDeep understanding of web application security threats, exploits, and prevention.\nAbility to triage, reproduce, and recommend remediations for vulnerabilities\nExperience in adversary simulation and threat modeling.\nDriven to research vulnerabilities and exploitation techniques.\nKnowledge of development and integration tools and technologies (e.g., CI/CD)\nFamiliar with static and dynamic application security tools (e.g., Checkmarx, Qualys).\nKnow test automation frameworks for security QE and networking concepts.\nCollaborate cross-functionally to foster innovation with robust protection\nBS/MS in Computer Science or relevant industry experience.

Assess emerging GenAI attack surfaces - such as prompt injection, data exfiltration, and model inversion -and implement appropriate safeguards-such as input validation, data monitoring, and regular model auditing-for LLM-powered applications.\nUnderstand model lifecycle security, secure fine-tuning, and ML/AI governance frameworks.\nKeep security simple, scalable, and effective by building foundational practices that engineers embrace.\nKeeps up with industry trends in security technology and threats\nSecure infrastructure in public cloud environments, including AWS, Azure, and Google Cloud.\n