Senior Security Engineer - Red Team

We are the Apple Services Engineering (ASE) Security Red Team. We focus on deep technical security review work of critical ASE services and infrastructure. These security reviews will be scoped and focused on review depth and quality. We are growing our team and looking an Security Engineer to lead deep reviews that identify meaningful security improvement opportunities. In this role, you will work closely with the security engineering, InfoSec, privacy, SRE, detection, and design review teams to keep Apple's services secure for our users. You will identify security weaknesses, validate and design detection mechanisms, and provide actionable recommendations to enhance our security posture. You will go beyond simple to find risks and identify obscure and complex risks within complex services. You will collaborate with various architecture and engineering teams to continuously validate and improve our security controls and detection capabilities, with a strong focus on developing repeatable testing frameworks and metrics-driven security improvements. If you love diving into complex and important systems, and driving the security of that system over time, we want to talk to you!

In this role, you will scope and lead focused security reviews on critical internet scale applications and supporting infrastructure. You will learn the services architecture and risk profile to build a scope that enables a meaningful security review. \n

4+ years in an information security field or software engineering; 2 or more of those years conducting security reviews\n\n2+ years of manually reviewing source code to assist in finding vulnerabilities\n\nAbility to adapt quickly to prioritization shifts and investigate unfamiliar technologies\n\nExtensive infrastructure, cloud, and application security experience\n\nExperience communicating risk to engineering and leadership teams\n\nAbility to reason about security of a large and complex application or infrastructure\n\nExperience going deep on complex systems for extended engagements

8+ years in an information security field; 4 or more of those years conducting security reviews\n\nBachelors degree in Computer Science / Engineering or a related, with emphasis in security related fields (or equivalent experience)\n\nExperience constructing threat scenario narratives and building exploit chains\n\nAbility to reason about and influence software architecture for security\n\nCommunity contributions like public CVEs, bug bounty recognition, open source tools, blogs, talks etc.