Security Domain Expert, Perimeter and Network Security, Enterprise Technology Services

About The Position

Requirements

• Bachelor's degree in Computer Science, Computer Engineering, Cybersecurity, or equivalent technical discipline.
• 12+ years of experience in security engineering or security architecture, with a strong hands-on technical foundation.
• Deep expertise in perimeter and network security — WAF design, DDoS mitigation strategies, bot detection techniques, TLS/mTLS, TCP/IP, HTTP/HTTPS, and DNS security.
• Strong understanding of proxy technologies (NGINX, Envoy, HAProxy) across edge, origin, service mesh, and API gateway tiers — including how security controls are implemented and enforced at the proxy layer.
• Experience with security policy enforcement and configuration management across distributed infrastructure at scale.
• Familiarity with systems that span on-premises data centers and public cloud environments (GCP, AWS).
• Proven experience representing a security team as a domain authority — in architecture reviews, security forums, executive briefings, and cross-organizational planning.
• Experience working directly with application and infrastructure teams to understand their traffic and security requirements and design integrated solutions.
• Ability to communicate complex security topics with equal clarity to engineers and senior leadership.
• Track record of influencing security direction and outcomes across organizational boundaries without direct management authority.
• Excellent written and verbal communication skills.

Nice To Haves

• M.S. in Computer Science, Computer Engineering, Cybersecurity, or Information Security.
• Experience with proxy engine internals — C, C++, Lua, or WASM-based customization of NGINX, Envoy, or similar engines for implementing security controls in the runtime data path.
• Experience with L4/L7 proxy architectures, protocol-level security, and load balancing strategies.
• Understanding of orchestration/control plane systems for security policy distribution and lifecycle management at fleet scale.
• Familiarity with OWASP threat models, CVE analysis, threat landscape trends, and security incident response from an engineering perspective.
• Experience with service mesh architectures (Istio, Envoy-based), API & AI security gateway patterns, and containerization (Kubernetes, Docker).
• Knowledge of real-time threat intelligence distribution and event-driven security telemetry at scale.
• Recognized contributions to the security community — conference talks, published research, open-source contributions, or patents.

Responsibilities

• Serve as the outward face and technical authority of Apple's perimeter and network security platform.
• Represent the team in architecture forums, security reviews, and leadership briefings.
• Advise partner teams on how security capabilities address traffic and security challenges.
• Represent the team's technical perspective in cross-organizational forums.
• Serve as the bridge between the engineering team and the broader Apple ecosystem.
• Work directly with application teams to understand their security requirements.
• Synthesize cross-team needs to inform platform strategy and roadmap.
• Translate technical security concepts into clear narratives for leadership.
• Engage technically with security and infrastructure teams.
• Communicate with executive leadership.