Senior Offensive Security Engineer
Apple
Senior Offensive Security Engineer
Job Description
We are the Apple Services Engineering (ASE) Security Red Team. We focus on deep technical security review work of critical ASE services and infrastructure. These security reviews will be scoped and focused on review depth and quality. We are growing our team and looking a Senior Staff Security Engineer to lead deep reviews that identify meaningful security improvement opportunities. In this role, you will work closely with the security engineering, InfoSec, privacy, SRE, detection and design review teams to keep Apple's services secure for our users. You will identify security weaknesses, validate and design detection mechanisms, and provide actionable recommendations to enhance our security posture. You will go beyond simple to find risks and identify obscure and complex risks within complex services. You will collaborate with various architecture and engineering teams to continuously validate and improve our security controls and detection capabilities, with a strong focus on developing repeatable testing frameworks and metrics-driven security improvements. If you love diving into complex and important systems, and driving the security of that system over time, we want to talk to you! In this role, you will scope and lead focused security reviews on critical internet scale applications and supporting infrastructure. You will learn the services architecture and risk profile to build a scope that enables a meaningful security review. You will be: A technical expert responsible for the enumerating risks, planning reviews, and executing those reviews to identify vulnerabilities and improvement opportunities; A technical expert in uncommon and obscure risks; A technical expert in complex business logic risks that require a depth of understanding of the services and their architectures; Able to identify areas that are ripe for improvement and establish appropriate security goals; Current on new security technologies, vulnerabilities, and methodologies; Able to develop proof of concept systems to automate security recommendations, vulnerability discovery, and process workflows
Locations
- Seattle, Washington, United States 98117
Salary
Estimated Salary Rangemedium confidence
50,000,000 - 120,000,000 INR / yearly
Source: ai estimated
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- deep technical security reviewintermediate
- identifying security weaknessesintermediate
- validating and designing detection mechanismsintermediate
- providing actionable recommendationsintermediate
- enhancing security postureintermediate
- identifying obscure and complex risksintermediate
- collaborating with architecture and engineering teamsintermediate
- validating and improving security controlsintermediate
- developing repeatable testing frameworksintermediate
- metrics-driven security improvementsintermediate
- scoping and leading security reviewsintermediate
- learning services architecture and risk profileintermediate
- enumerating risksintermediate
- planning reviewsintermediate
- executing reviewsintermediate
- identifying vulnerabilitiesintermediate
- technical expertise in uncommon and obscure risksintermediate
- technical expertise in complex business logic risksintermediate
- establishing security goalsintermediate
- current on new security technologies, vulnerabilities, and methodologiesintermediate
- developing proof of concept systemsintermediate
- automating security recommendationsintermediate
- vulnerability discoveryintermediate
- process workflowsintermediate
Required Qualifications
- 8+ years in an information security field or software engineering; four or more of those years conducting security reviews (experience, 8 years)
- Extensive infrastructure, cloud and application security experience (experience)
- Experience communicating risk to engineering and leadership teams (experience)
- Ability to reason about security of a large and complex application or infrastructure (experience)
- Experience going deep on complex systems for extended engagements (experience)
Preferred Qualifications
- Bachelors degree in Computer Science / Engineering or a related, with emphasis in security related fields (or equivalent experience) (experience)
- Experience constructing narratives and building exploit chains (experience)
- Ability to reason about and influence software architecture for security (experience)
- Community contributions like public CVEs, bug bounty recognition, open source tools, blogs, talks etc. (experience)
Responsibilities
- In this role, you will scope and lead focused security reviews on critical internet scale applications and supporting infrastructure. You will learn the services architecture and risk profile to build a scope that enables a meaningful security review. You will be: A technical expert responsible for the enumerating risks, planning reviews, and executing those reviews to identify vulnerabilities and improvement opportunities; A technical expert in uncommon and obscure risks; A technical expert in complex business logic risks that require a depth of understanding of the services and their architectures; Able to identify areas that are ripe for improvement and establish appropriate security goals; Current on new security technologies, vulnerabilities, and methodologies; Able to develop proof of concept systems to automate security recommendations, vulnerability discovery, and process workflows
Tags & Categories
Answer 10 quick questions to check your fit for Senior Offensive Security Engineer @ Apple.
10 Questions
~2 Minutes
Instant Score
Related Books and Jobs
Senior Offensive Security Engineer
Apple
Senior Offensive Security Engineer
Job Description
We are the Apple Services Engineering (ASE) Security Red Team. We focus on deep technical security review work of critical ASE services and infrastructure. These security reviews will be scoped and focused on review depth and quality. We are growing our team and looking a Senior Staff Security Engineer to lead deep reviews that identify meaningful security improvement opportunities. In this role, you will work closely with the security engineering, InfoSec, privacy, SRE, detection and design review teams to keep Apple's services secure for our users. You will identify security weaknesses, validate and design detection mechanisms, and provide actionable recommendations to enhance our security posture. You will go beyond simple to find risks and identify obscure and complex risks within complex services. You will collaborate with various architecture and engineering teams to continuously validate and improve our security controls and detection capabilities, with a strong focus on developing repeatable testing frameworks and metrics-driven security improvements. If you love diving into complex and important systems, and driving the security of that system over time, we want to talk to you! In this role, you will scope and lead focused security reviews on critical internet scale applications and supporting infrastructure. You will learn the services architecture and risk profile to build a scope that enables a meaningful security review. You will be: A technical expert responsible for the enumerating risks, planning reviews, and executing those reviews to identify vulnerabilities and improvement opportunities; A technical expert in uncommon and obscure risks; A technical expert in complex business logic risks that require a depth of understanding of the services and their architectures; Able to identify areas that are ripe for improvement and establish appropriate security goals; Current on new security technologies, vulnerabilities, and methodologies; Able to develop proof of concept systems to automate security recommendations, vulnerability discovery, and process workflows
Locations
- Seattle, Washington, United States 98117
Salary
Estimated Salary Rangemedium confidence
50,000,000 - 120,000,000 INR / yearly
Source: ai estimated
* This is an estimated range based on market data and may vary based on experience and qualifications.
Skills Required
- deep technical security reviewintermediate
- identifying security weaknessesintermediate
- validating and designing detection mechanismsintermediate
- providing actionable recommendationsintermediate
- enhancing security postureintermediate
- identifying obscure and complex risksintermediate
- collaborating with architecture and engineering teamsintermediate
- validating and improving security controlsintermediate
- developing repeatable testing frameworksintermediate
- metrics-driven security improvementsintermediate
- scoping and leading security reviewsintermediate
- learning services architecture and risk profileintermediate
- enumerating risksintermediate
- planning reviewsintermediate
- executing reviewsintermediate
- identifying vulnerabilitiesintermediate
- technical expertise in uncommon and obscure risksintermediate
- technical expertise in complex business logic risksintermediate
- establishing security goalsintermediate
- current on new security technologies, vulnerabilities, and methodologiesintermediate
- developing proof of concept systemsintermediate
- automating security recommendationsintermediate
- vulnerability discoveryintermediate
- process workflowsintermediate
Required Qualifications
- 8+ years in an information security field or software engineering; four or more of those years conducting security reviews (experience, 8 years)
- Extensive infrastructure, cloud and application security experience (experience)
- Experience communicating risk to engineering and leadership teams (experience)
- Ability to reason about security of a large and complex application or infrastructure (experience)
- Experience going deep on complex systems for extended engagements (experience)
Preferred Qualifications
- Bachelors degree in Computer Science / Engineering or a related, with emphasis in security related fields (or equivalent experience) (experience)
- Experience constructing narratives and building exploit chains (experience)
- Ability to reason about and influence software architecture for security (experience)
- Community contributions like public CVEs, bug bounty recognition, open source tools, blogs, talks etc. (experience)
Responsibilities
- In this role, you will scope and lead focused security reviews on critical internet scale applications and supporting infrastructure. You will learn the services architecture and risk profile to build a scope that enables a meaningful security review. You will be: A technical expert responsible for the enumerating risks, planning reviews, and executing those reviews to identify vulnerabilities and improvement opportunities; A technical expert in uncommon and obscure risks; A technical expert in complex business logic risks that require a depth of understanding of the services and their architectures; Able to identify areas that are ripe for improvement and establish appropriate security goals; Current on new security technologies, vulnerabilities, and methodologies; Able to develop proof of concept systems to automate security recommendations, vulnerability discovery, and process workflows
Tags & Categories
Answer 10 quick questions to check your fit for Senior Offensive Security Engineer @ Apple.
10 Questions
~2 Minutes
Instant Score
Related Books and Jobs