Senior Security Engineer

About The Position

Requirements

• Extensive experience in designing, reviewing, and implementing secure architectures for complex applications and infrastructure.
• Extensive experience manually testing web applications and/or enterprise penetration testing.
• Extensive experience with a scripting language (e.g. Python, PHP, Ruby) and a programming language (e.g. Java, Swift, C).
• Proficiency in some form of UNIX.
• You have the ability to explain basic networking concepts (routing, ACLs, load balancers, SSL/TLS, TCP) in order to provide application architecture feedback.
• You have a background in web application development and/or code auditing.
• You have strong verbal and written interpersonal skills.
• You have a real passion for discovering and researching new vulnerabilities and exploitation techniques.
• You are deeply accountable for your work.
• You are upbeat, adaptable, and results-oriented with a positive attitude.
• BS in Computer Engineering with specialization in Information Security or 4+ years of equivalent, hands-on information security experience in a large enterprise environments a plus.

Nice To Haves

• Experience with offensive and automation tool development.
• Experience with vulnerability scanning tools: network, SAST, and DAST.
• Familiarity with testing services that employ AI/LLMs and the OWASP Top 10 for LLMs.
• Experience leveraging AI/LLMs for security testing and automation.
• Experience with one or more public cloud services (e.g. AWS, GCP, AliCloud).
• Experience with Kubernetes and container security.
• Experience with common authentication protocols (e.g. SAML, OIDC).

Responsibilities

• Perform full-stack security architecture reviews, encompassing cloud-native and emerging technologies.
• Conduct manual application security testing and source code auditing across diverse technologies, providing clear and detailed risk assessments and remediation guidelines for developers and business owners.
• Conduct penetration testing targeting critical Apple data, services, and environments.
• Report underlying security issues and propose enhanced security protections.
• Conduct in-depth security research on the latest industry best practices, emerging trends, threats, vulnerabilities, and technology frameworks.
• Develop and disseminate comprehensive security guidelines, remediation guidance, and security technology baselines for common issues.
• Develop custom security tools, exploits, and products to improve threat modeling, application security reviews, and penetration testing capabilities.
• Research and develop tools to improve static analysis framework capabilities (e.g. accuracy, coverage, and efficiency of detections).