Senior Offensive Security Engineer

AppleSeattle, WA
211d$171,600 - $302,200
Match Resume

About The Position

We are the Apple Services Engineering (ASE) Security Red Team. We focus on deep technical security review work of critical ASE services and infrastructure. These security reviews will be scoped and focused on review depth and quality. We are growing our team and looking a Senior Staff Security Engineer to lead deep reviews that identify meaningful security improvement opportunities. In this role, you will work closely with the security engineering, InfoSec, privacy, SRE, detection and design review teams to keep Apple's services secure for our users. You will identify security weaknesses, validate and design detection mechanisms, and provide actionable recommendations to enhance our security posture. You will go beyond simple to find risks and identify obscure and complex risks within complex services. You will collaborate with various architecture and engineering teams to continuously validate and improve our security controls and detection capabilities, with a strong focus on developing repeatable testing frameworks and metrics-driven security improvements. If you love diving into complex and important systems, and driving the security of that system over time, we want to talk to you!

Requirements

  • 8+ years in an information security field or software engineering; four or more of those years conducting security reviews.
  • Extensive infrastructure, cloud and application security experience.
  • Experience communicating risk to engineering and leadership teams.
  • Ability to reason about security of a large and complex application or infrastructure.
  • Experience going deep on complex systems for extended engagements.

Nice To Haves

  • Bachelor's degree in Computer Science / Engineering or a related field, with emphasis in security related fields (or equivalent experience).
  • Experience constructing narratives and building exploit chains.
  • Ability to reason about and influence software architecture for security.
  • Community contributions like public CVEs, bug bounty recognition, open source tools, blogs, talks etc.

Responsibilities

  • Scope and lead focused security reviews on critical internet scale applications and supporting infrastructure.
  • Learn the services architecture and risk profile to build a scope that enables a meaningful security review.
  • Enumerate risks, plan reviews, and execute those reviews to identify vulnerabilities and improvement opportunities.
  • Identify uncommon and obscure risks.
  • Identify complex business logic risks that require a depth of understanding of the services and their architectures.
  • Establish appropriate security goals.
  • Stay current on new security technologies, vulnerabilities, and methodologies.
  • Develop proof of concept systems to automate security recommendations, vulnerability discovery, and process workflows.

Benefits

  • Comprehensive medical and dental coverage.
  • Retirement benefits.
  • A range of discounted products and free services.
  • Reimbursement for certain educational expenses — including tuition.
  • Opportunity to participate in Apple's discretionary employee stock programs.
  • Eligibility for discretionary bonuses or commission payments.
  • Relocation assistance.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Senior

Industry

Computer and Electronic Product Manufacturing

Education Level

Bachelor's degree

Job Search Resources

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service