Job Description

Locations

• Seattle, Washington, United States 98117

Salary

Skills Required

• security architectureintermediate
• threat modelingintermediate
• security testingintermediate
• risk managementintermediate
• conducting security reviewsintermediate
• developing threat modelsintermediate
• building standard methodologiesintermediate
• defining platform-wide security improvementsintermediate
• automating security recommendationsintermediate
• vulnerability discoveryintermediate
• process workflowsintermediate
• using data to drive efficiencyintermediate
• prioritizing security engagementsintermediate
• establishing relationships with teamsintermediate
• driving security improvementsintermediate
• verbal communicationintermediate
• written communicationintermediate
• developing proof of concept systemsintermediate
• identifying areas for improvementintermediate
• establishing security goalsintermediate
• current on security technologiesintermediate
• current on vulnerabilitiesintermediate
• current on methodologiesintermediate
• innate curiosityintermediate
• listening for nuancesintermediate
• digging into detailsintermediate
• understanding systems and weaknessesintermediate

Required Qualifications

• 6 or more years conducting security reviews, threat modeling, tracking findings, and communicating risk to engineering and leadership (experience)
• Knowledgeable about distributed systems design patterns and security implications when developing platform services at a cloud scale (experience)
• Deep understanding of cloud-native architecture and managed platform service (eg. compute, storage, networking, databases) (experience)
• Experience multi-tenant system design and secreting multi-tenant software as a service and platform as a service offerings. (experience)
• Conversant in at least one programming language such as Python, Java, Go, or Swift (experience)
• Experience with security standard processes of third party cloud environments (experience)

Preferred Qualifications

• Bachelor's Degree or equivalent experience preferred (experience)
• Bonus points for community contributions like public CVEs, bug bounty recognition, open source tools, blogs, etc. (experience)
• Experience with Artificial Intelligence and Machine Learning is a plus (experience)

Responsibilities

• In this role, you will be the primary security team point of contact for several large engineering efforts. You will work with engineering teams throughout their development lifecycle. You will conduct security reviews and develop threat models and use the insights from these engagements to build standard methodologies. You will help define, automate and advocate for platform-wide security improvements. You will partner with your colleagues to raise the security bar for all engineering teams at Apple.
• As a technical lead responsible for the security of Apple's internet-facing services and backend infrastructure, you will be: Innately curious, listening for nuances and digging into details to understand systems and their weaknesses; Able to identify areas that are ripe for improvement and establishes appropriate security goals; Experienced and comfortable establishing relationships with teams to drive security improvements; Current on new security technologies, vulnerabilities, and methodologies; An excellent verbal and written communicator; Able to develop proof of concept systems to automate security recommendations, vulnerability discovery, and process workflows; Able to use data to drive security review efficiency and prioritize high-value security team engagement Responsible for security decisions impacting millions of users.

Tags & Categories