Do you want first crack at uncovering security vulnerabilities and protecting millions of users? Join the Wallet, Payments & Commerce (Apple Pay) Penetration Testing team and play a critical role in safeguarding our innovative services such as: - Apple Pay, Apple Cash, Apple Card, Tap-to-Pay - Wallet passes for Transit, Access and Identity - Payment systems that invoke processor APIs for our merchant properties (App Store, Apple Retail, Apple Store Online, and other digital store fronts)

DESCRIPTION

As a Security Engineer on our team, you’ll be at the forefront of protecting customers by conducting continuous, in-depth security assessments. You will be challenged to solve complex technical problems, automate repetitive tasks, and influence the security posture of Apple services. You’ll collaborate directly with internal teams to solve challenging software security problems and ensure secure development practices. We aren’t builders. While we offer design and fix advice to engineering teams, we aren’t a development team. We generally spend none of our time coding and don’t need a dedicated developer.

MINIMUM QUALIFICATIONS

• 5+ years manually penetration testing server application and infrastructure-as-code software with a focus on identifying vulnerabilities that automated tools miss
• Manually audit the Java and/or Kotlin source code of web services and software authored in house by Apple
• Create and implement threat mitigation plans to address identified vulnerabilities and improve the overall security posture of Apple services
• Possess a strong desire to cultivate talent and mentor pentesters with various skill levels

PREFERRED QUALIFICATIONS

• Experience in a DevOps culture
• Integrating security into teams that use CI/CD to deploy code quickly
• Conducting penetration tests of large scale AWS deployments
• Security code review of services written in either Kotlin or Go

Please refer the Job description for details