Senior Detection Engineer at Apple
Seattle, WA 98105, USA
Full Time


Start Date

Immediate

Expiry Date

30 Nov, 25

Salary

302200.0

Posted On

01 Sep, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Algorithms, Data Structures, Web Services, Databases, Statistics, Technology Solutions, Incident Response, Threat Intelligence, Python, Computer Science, Red Teaming, Code, Kubernetes, Data Science, Information Systems, Technology, Mathematics, Tracking Systems

Industry

Information Technology/IT

Description

The Detection team within Apple Services Engineering (ASE) is responsible for building advanced detections that protect approximately three-quarters of Apple’s systems and services. We achieve this by partnering closely with engineering teams to develop a deep technical understanding of how these systems operate, along with a comprehensive grasp of the threat landscape. This allows us to build state-of-the-art security detections that proactively defend against real-world attacks. In this role, you’ll drive the development of innovative detection technologies that uncover malicious activity within our existing datasets and alert streams. You’ll need a deep understanding of attacker behavior, along with the technical ability to independently design and build systems that transform large volumes of raw signals into high-fidelity, actionable alerts. We’re looking for someone who’s not just technical, but curious. Someone who’s excited to chase down threats, lead initial investigations, and collaborate closely with other teams to refine and scale our detection capabilities. This role offers the opportunity to shape the future of Apple’s security and make a meaningful impact on the safety and privacy of billions of users worldwide. If you’re passionate about blending code, data, and security to stay one step ahead of attackers, we’d love to hear from you!

DESCRIPTION

As part of the ASE Detection Team, you will:

  • Deliver technology and insights to get more value out of existing datasets and detection alerts, combining existing datasets and detection signals to surface high-quality alerts and malicious activities.
  • Deliver technology to facilitate and/or automate efficient initial analysis and investigation of the roll-up alerts, leveraging Slack Ops.
  • Perform initial triage and security investigation of roll-up alert triggers, then work cross-team if incident response is needed.
  • Drive improvement in manual response to detection alerts.

MINIMUM QUALIFICATIONS

  • 7 years of experience developing and delivering technology. 5 years should be hands-on writing code in either Scala or Python.
  • Master's degree in Data Science, Statistics, Mathematics, Computer Science, Engineering, or Information Systems. Educational coursework must have provided a strong foundation in statistical theory, algorithms, and data structures.
  • Credible understanding of real attacker behaviors (e.g. threat intelligence, incident response, threat hunting, red teaming, etc.).
  • Proven track record of incubating technology solutions “from zero to one” with minimal guidance.

PREFERRED QUALIFICATIONS

  • Experience delivering systems to find very small amounts of signal in a very large dataset that has high noise.
  • Publicly accessible source code or published papers related to finding very small amounts of signal in a very large and diverse dataset.
  • Experience developing custom Slack integrations and integrating with various ticket tracking systems.
  • Experience with Kubernetes.
  • Experience with web services and databases.
  • Experience with syscall events, especially around network and process.
  • Experience with kernel and virtualization stacks.
