Software Development Engineer – Security

About The Position

Requirements

• Master’s degree or foreign equivalent in Computer Science or a related field and 5 years of experience in the job offered or related occupation.
• 4 years of experience with each of the following skills is required:
• Utilizing Java, Python, and JavaScript skills to conduct code review to identify security vulnerabilities
• Using financial frameworks, including PCI, and providing design principles on how to secure these environments
• Securing software supply chain and mono-repos by writing software tooling to identify vulnerable 3rd party software libraries
• Writing tooling to detect software misconfigurations and integrating these tools with Git and Jenkins
• Securing software and infrastructure for handling privacy sensitive data such as Personal Identifiable Information (PII) or Protected Health Information (PHI) and providing written guidance
• Securing machine learning infrastructure for privacy sensitive data processing by providing engineering guidance and design principles
• Utilizing threat modeling methodologies including STRIDE and applying the methodology to large scale cloud services infrastructure and delivering written reports with findings
• Developing secure by default libraries and infrastructure as code templates, and integrating these into the Software Development Life Cycle
• Developing Cloud Security Standards specifically around cryptographic device attestation
• Securing Linux kernel and secure boot to ensure a trusted platform for processing and storing sensitive information

Nice To Haves

• N/A

Responsibilities

• Responsible for the security of Apple's internet-facing services and backend infrastructure.
• Identify areas that are ripe for improvement and establishing appropriate security goals.
• Conduct third-party cloud service security reviews to ensure that any team at Apple using third-party cloud is secure by default.
• Provide security requirements to engineering teams developing infrastructure and platform services.
• Perform application security assessments of customer-facing features and deliver security guidance.
• Provide secure software development life cycle guidance to engineering teams and platform owns to ensure that software is developed securely.
• Engage with engineering teams to provide security consultation services to ensure the security of software and infrastructure.
• Perform security verification reviews to ensure that developed software is built per the secure design specifications.
• Stay current on new security technologies, vulnerabilities, and methodologies.
• Develop proof of concept systems to automate security recommendations, vulnerability discovery, and process workflows.
• Drive security review efficiency and prioritize high-value security team engagement.

Benefits

• Apple employees also have the opportunity to become an Apple shareholder through participation in Apple’s discretionary employee stock programs.
• Apple employees are eligible for discretionary restricted stock unit awards, and can purchase Apple stock at a discount if voluntarily participating in Apple’s Employee Stock Purchase Plan.
• Comprehensive medical and dental coverage
• retirement benefits
• a range of discounted products and free services
• for formal education related to advancing your career at Apple, reimbursement for certain educational expenses — including tuition.
• this role might be eligible for discretionary bonuses or commission payments as well as relocation.