Summary
Apple is where individual imaginations gather together, committing to the values that
lead to great work. Every new product we build, service we create, or Apple Store
experience we deliver is the result of us making each other's ideas stronger. That
happens because every one of us shares a belief that we can make something wonderful
and share it with the world, changing lives for the better. It's the diversity of our people
and their thinking that inspires the innovation that runs through everything we do.
When we bring everybody in, we can do the best work of our lives. Here, you'll do more
than join something — you'll add something.
There is a lot that goes into building the most secure yet user-friendly devices in the
world. We are a unique Software Development group with a charter to secure our
platforms, which include iOS software, iOS Devices, and Mac. We build solutions that
are used by our customers, engineering teams, and manufacturing environments. We
are looking for a candidate who is passionate about both software and hardware
security and enjoys highly technical, hands-on role in a dynamic and fast paced
environment. This role will be responsible for testing and securing the Software
Development Life Cycle, world-wide hardware manufacturing ecosystem and associated
global IT infrastructure.
As a member of our fast-paced group, you will have the unique and rewarding
opportunity to shape and improve the software that allows our products to surprise and
delight billions of Apple's customers every day! If you're excited by the idea of making a
real impact, and joining a team where we pride ourselves in being one of the most
diverse and inclusive companies in the world, a career with Apple will be your dream
job!
Description
Our organisation provides security server-side solution to enable various Apple product
security features. As part of security team in this organisation, we are looking for
someone who can drive advancements in security practices, proactively identifying
security vulnerabilities, fortifying our platforms against emerging threats and enabling
continuous innovation. The existing scope of the work includes the following and will be
expanded with emerging new technology and new business initiatives.
Responsibilities
- Perform penetration testing and vulnerability assessments on software applications, API services, and infrastructure.
- Develop and execute new test plans, methodologies, and tools for assessing hardware and software security.
- Conduct static code analysis to identify and triage application security issues.
- Work closely with DevOps and engineering teams to remediate application
- security vulnerabilities and implement security best practices throughout the Software Development Life Cycle (SDLC)
- Assist in application and infrastructure security reviews to identify gaps in best practices, and collaborate with stake holder teams to improve security posture
- Perform reverse engineering and forensic analysis to identify security vulnerabilities and its exploitability.
- Rotate between red and blue functions and conduct simulated attacks & defence. Develop security strategies, frameworks, tools, and processes to assess and improve security posture of the organisation.
- Collaborate with hardware design teams to integrate security best practices during product development.
- Document findings, prepare comprehensive reports, and provide detailed security recommendations for remediation.
- Fulfill on-call responsibilities for handling security-related incidents.
- Leverage LLM technologies to create security testing and investigation tools
- Continuous learning and conduct security research to stay updated on the latest threats, vulnerabilities, attack vectors, and mitigation techniques.
Minimum Qualifications
- Understanding of fundamental IT domains including Networking, Operating Systems, Security Principles, Secure Coding Practices, Cryptography and System Administration.
- Knowledge of infrastructure security and physical security best practices
- Understanding of software development and secure coding best practices.
- Ability to analyse complex problems, explore the greenfield and devise creative solutions.
- CS/EEE with solid foundation of computer engineering
- Demonstrated up to 6 years of relevant experience
Preferred Qualifications
- Respect diversity and inclusiveness in a global organisation with ability to collaborate and communicate effectively
- Strong team player with adaptability
- Knowledge in reverse engineering and exploit development, especially with hands-on
- experience in security penetration testing, red team exercises, Capture The Flag (CTF) competitions or security related hackathons.
- Understanding of cryptographic algorithms, secure boot, secure firmware update mechanisms is a plus.
Apple is an equal opportunity employer that is committed to inclusion and diversity. Apple provides reasonable accommodations to applicants with disabilities and in accordance with local requirements. Apple is a drug-free workplace.
At Apple, we believe accessibility is a fundamental human right. You'll find that idea reflected in everything here — in our culture, our benefits and our digital tools. By welcoming as many perspectives as possible, we help you build a career where you feel like you belong.
Learn about accessibility in Apple's workplace
Role Number: 200665085-3278
