As part of DevOps and security efforts on the Apple Health Software team, you’ll be working at the foundation of Apple’s core values. We support products and platforms that empower our customers to live healthier lives, while keeping their data private and secure. You’ll be responsible for upholding our high DevOps and security standards, while strengthening them through new programs, processes, and tooling. This role works cross-functionally across teams within Apple Health Software, and regularly partners with our peers in Apple Information Security. A builder mindset, and an obsession with delivering great customer experiences, are essential. Serving customers both inside and outside of Apple, we exist to empower the work of others, without compromising security.

DESCRIPTION

We’re looking for an experienced DevSecOps engineer, with specific expertise in application security or infrastructure security. Your work will be a mix between technical and human centered, as we work to build quality infrastructure and a strong security culture within Apple Health Software. Bring ideas and passion, as you’ll have room to shape this role and our roadmap. Initial responsibilities will include: -Building security-focused infrastructure and process automations, with a focus on shifting security left in the software development lifecycle -Reviewing code (primarily Java and Python) for vulnerabilities, and guiding remediation efforts -Leading security efforts in design reviews, and guiding the creation of a comprehensive threat modeling program -Engaging with engineers and internal customers to answer questions, respond to concerns, and empower work organization-wide -Contribute to vulnerability management efforts, to help teams prioritize and remediate known vulnerabilities -Joining DevOps on-call rotation to support our infrastructure and customers Beyond that, your journey can take many paths. As we build a culture of security excellence, here are a few ideas we’re excited to work on: -Build an offensive security program and methodology to conduct security assessments, penetration tests, and red team engagements -Lead fun security demonstrations, workshops, and exercises for our software engineers, in order to strengthen security awareness and secure software development

MINIMUM QUALIFICATIONS

• 5 years of experience with offensive security work, including security assessments, penetration tests, or red team engagements
• Experience with threat modeling
• Experience evaluating and implementing security tooling throughout the software development lifecycle
• Familiarity with a variety of services offered by public clouds like Amazon Web Services (AWS) and Google Cloud Platform (GCP)
• Familiarity with containerization technologies like Docker and Kubernetes
• Strong familiarity high-level programming languages like Java and Python
• BS Computer Science or equivalent

PREFERRED QUALIFICATIONS

• Familiarity with infrastructure and security automation, including best practices
• Experience conducting code reviews, finding vulnerabilities, and providing suggestions for remediation
• Experience contributing security input to design reviews
• Strong communication and cross-functional skills, including ownership and a desire to work with others on creative solutions, without compromising security
• Curiosity, the desire to keep learning, and the ability to change your mind

Please refer the Job description for details