Engineering Program Manager, Security Infrastructure, Apple Services Engineering

Apple Services Engineering (ASE) team is one of the most exciting examples of Apple's long-held passion for combining art and technology! We enable Apple's apps and services, and we do it on an extensive scale, to hundreds of millions of customers in over 35 languages to more than 150 countries. The ASE Security team is seeking an experienced Security Engineering Program Manager to help manage and scale our Offensive Security Team (Red Team). Within ASE you will work with and influence colleagues across Apple to proactively identify security risks and ensure that offensive security findings drive meaningful improvements across our software and development processes. As our work is integral through the entire software stack, you will have the opportunity to work with a wide variety of engineering teams across Apple. We cultivate strong relationships, build trust, and influence without direct authority. We communicate openly and clearly, collaborate enthusiastically, and value a diverse culture of healthy debate. Do these points resonate with you? If so, we want to talk!

As a Security Engineering Program Manager in ASE, you are both a technical and functional expert in the world of offensive security and adversarial testing at scale. While working directly with ASE's red team and engineering partners, you will identify opportunities to strengthen our security posture through targeted adversarial exercises and simulation. This will include driving the end-to-end planning and execution of red team engagements, managing remediation tracking, and working with service owners to develop innovative solutions to complex security challenges. You will be responsible for identifying, planning, and delivering program security outcomes by independently engaging a broad set of stakeholders.

5+ years of experience managing projects or programs in the field of security.\n2+ years of experience working in offensive security, red team operations, or penetration testing.\nProject Management Expertise: Proficiency in managing complex projects, including defining scopes, setting timelines, and coordinating cross-functional teams to ensure timely and successful delivery.\nTechnical Proficiency: A solid understanding of software development, systems engineering, or related technical fields to effectively oversee offensive security programs and engage credibly with red team engineers.\nOffensive Security Fluency: Working knowledge of red team operations, penetration testing methodologies, adversary simulation, and common attack frameworks such as MITRE ATT&CK.\nBS in Computer Science or related technical field or relevant industry experience

Proven history of building or scaling an offensive security or red team program.\nPrior hands-on experience in a penetration testing, red team, or security engineering role.\nExperience with cloud security and cloud-based attack surfaces.\nRisk Management Skills: Ability to identify, assess, and prioritize security risks surfaced through offensive testing, and communicate appropriate remediation strategies to protect organizational assets.\nBuild Trust and Influence: Experience fostering collaboration and influencing stakeholders without direct authority to achieve program objectives.\nCommunication Skills: Ability to convey complex technical information to both technical and non-technical stakeholders, ensuring clarity and alignment.\nAnalytical and Problem-Solving Abilities: Strong analytical skills to assess complex security challenges and develop innovative solutions to address them.\nDrive What Matters: Able to focus and simplify, balancing the details with goals, priorities, and trade-offs in mind.