Job Description

Locations

• Cupertino, California, United States 95014
• Seattle, Washington, United States 98117

Salary

Skills Required

• threat detection software developmentintermediate
• detection development lifecycle managementintermediate
• attack simulationintermediate
• red team collaborationintermediate
• research formulationintermediate
• industry trend analysisintermediate
• incident analysisintermediate
• requirements driving for security toolsintermediate
• security telemetry expertiseintermediate
• incident responseintermediate
• incident triage automationintermediate
• software testingintermediate
• software maintenanceintermediate
• collaborationintermediate
• innovationintermediate
• feedback provisionintermediate

Required Qualifications

• 5+ years of experience in security engineering, threat detection, or incident response. (experience, 5 years)
• Proven ability to write and tune detections for cloud, SaaS, and endpoint environments. (experience)
• Strong software development background with hands-on experience in Apache Spark, SQL, GitHub workflows, and CI/CD practices. (experience)
• Knowledge of MITRE ATT&CK, threat modeling, and common attacker techniques. (experience)
• Demonstrated experience analyzing telemetry from logs (endpoint, network, or application). (experience)
• Solid understanding of cloud environments (AWS, GCP, or Azure) and cloud-native security logging. (experience)
• Exceptional written and verbal communication skills — can collaborate cross-functionally and write clear detection logic or proposals. (experience)
• Track record of team collaboration and working well in globally distributed environments. (experience)

Preferred Qualifications

• * Experience leading or mentoring detection engineering efforts, or demonstrated readiness to lead a regional team in the future. (experience)
• * Hands-on experience with automated incident response and containment tooling (SOAR platforms, custom scripts, etc.). (experience)
• * Familiarity with Apple-scale detection challenges, including scaling detection-as-a-service. (experience)
• * Passion for building tools and platforms that enable other engineers, not just writing detections. (experience)
• * Holds relevant industry certifications (e.g., GIAC, OSCP, AWS Security Specialty). (certification)
• * High ownership mindset — thrives in fast-paced environments and adapts to ambiguity. (experience)
• * A sharp eye for automation opportunities and eliminating repetitive work. (experience)
• * Strong interpersonal skills with a team-first attitude — approachable, constructive, and solution-oriented. (experience)

Responsibilities

• Apple is seeking an exceptional engineer to join its global Detection & Response team. This is a hands-on technical role which involves the creation, testing, and maintenance of Apple’s threat detection software. Additional responsibilities include:
• * Provide feedback and adhere to detection development lifecycle.
• * Quantify the efficacy of Apple’s detection software with attack simulation and red team collaboration.
• * Formulate new detection ideas based on newly-published research, industry trends, or major incidents.
• * Drive the requirements for Apple’s security telemetry and response tools.
• * Automate the triage and response to security incidents.

Tags & Categories