Security Engineer, Early Career

at  Apple

SUMMARY

Posted: 12 Aug 2024
Role Number:200562379
Apple is where individual imaginations gather together, committing to the values that lead to great work. Every new product we build, service we create, or Apple Store experience we deliver is the result of us making each other’s ideas stronger. That happens because every one of us shares a belief that we can make something wonderful and share it with the world, changing lives for the better. It’s the diversity of our people and their thinking that inspires the innovation that runs through everything we do. When we bring everybody in, we can do the best work of our lives. Here, you’ll do more than join something - you’ll add something. There is a lot that goes into building the most secure yet user-friendly devices in the world. We are a unique Software Development group with a charter to secure our platforms, which include iOS software, iOS Devices, and Mac. We build solutions that are used by our customers, engineering teams, and manufacturing environments. We are looking for a candidate who is passionate about both software and hardware security and enjoys highly technical, hands-on role in a dynamic and fast paced environment. This role will be responsible for testing and securing the Software Development Life Cycle, world-wide hardware manufacturing ecosystem and associated global IT infrastructure. As a member of our fast-paced group, you will have the unique and rewarding opportunity to shape and improve the software that allows our products to surprise and delight billions of Apple’s customers every day! If you’re excited by the idea of making a real impact, and joining a team where we pride ourselves in being one of the most diverse and inclusive companies in the world, a career with Apple will be your dream job!

DESCRIPTION

Our organisation provides security server-side solution to enable various Apple product security features. As part of security team in this organisation, we are looking for someone who can drive advancements in security practices, proactively identifying security vulnerabilities, fortifying our platforms against emerging threats and enabling continuous innovation. The existing scope of the work includes the following and will be expanded with emerging new technology and new business initiatives. • Perform penetration testing and vulnerability assessments on software applications, API services, and infrastructure. • Develop and execute new test plans, methodologies, and tools for assessing hardware and software security. • Conduct static code analysis to identify and triage application security issues. Work closely with DevOps and engineering teams to remediate application security vulnerabilities and implement security best practices throughout the Software Development Life Cycle (SDLC) • Perform reverse engineering and forensic analysis on software & hardware to identify security vulnerabilities and its exploitability. • Rotate between red and blue functions and conduct simulated attacks & defence. Develop security strategies, frameworks, tools, and processes to assess and improve security posture of the organisation. • Collaborate with hardware design teams to integrate security best practices during product development. • Document findings, prepare comprehensive reports, and provide detailed security recommendations for remediation. • Fulfil on-call responsibilities for handling security-related incidents. • Continuous learning and conduct security research to stay updated on the latest threats, vulnerabilities, attack vectors, and mitigation techniques.

• Understanding of fundamental IT domains including Networking, Operating Systems, Security Principles, Secure Coding Practices, Cryptography and System Administration.
• Hands-on experience in security penetration testing, red team exercises, Capture The Flag (CTF) competitions or security related hackathons.
• Understanding of software development and secure coding best practices.
• Respect diversity and inclusiveness in a global organisation with ability to collaborate and communicate effectively
• Ability to analyse complex problems, explore the greenfield and devise creative solutions.

• Willingness and ability to travel internationally (up to 1 weeks at a time).Strong team player with adaptability

PREFERRED QUALIFICATIONS

• Knowledge in reverse engineering and exploit development.
• Understanding of cryptographic algorithms, secure boot, secure firmware update mechanisms is a plus.
• Understanding of hardware architecture, microcontrollers, processors, and firmware development and have knowledge in hardware security tools and techniques (e.g., JTAG, oscilloscopes.) is a plus.

• Understanding of fundamental IT domains including Networking, Operating Systems, Security Principles, Secure Coding Practices, Cryptography and System Administration.
• Hands-on experience in security penetration testing, red team exercises, Capture The Flag (CTF) competitions or security related hackathons.
• Understanding of software development and secure coding best practices.
• Respect diversity and inclusiveness in a global organisation with ability to collaborate and communicate effectively
• Ability to analyse complex problems, explore the greenfield and devise creative solutions.
• Willingness and ability to travel internationally (up to 1 weeks at a time).Strong team player with adaptabilit