• Scope and lead focused security reviews on critical internet scale applications and supporting infrastructure.
• Learn the services architecture and risk profile to build a scope that enables meaningful security review.
• Conduct high-depth and quality reviews.
• Go beyond vulnerabilities by communicating important observations with stakeholders and leadership.
• Lead and scope goal or objective oriented Red Team exercises, including phases of attacker emulation: reconnaissance, exploitation, pivoting, and stealth.
• Help define, document, and automate security best practices.
• Advocate for platform-wide security enhancements.

You will be:

• A technical expert responsible for enumerating risks or exploit chains.
• A technical expert capable of identifying engagement scope, planning reviews, then executing those reviews to identify vulnerabilities and improvement opportunities.
• Able to identify areas that are ripe for improvement and establish appropriate security goals.
• Adept at building relationships with engineering and leadership teams to drive security improvements.
• Current on new security technologies, vulnerabilities, and methodologies.
• An excellent verbal and written communicator.
• Able to develop proof of concept systems to automate security recommendations, vulnerability discovery, and process workflows.
• Responsible for security decisions impacting hundreds of millions of users.

Required Qualifications

• 6+ years in an information security field or software engineering
• Four or more of those years conducting security reviews
• Bachelor's degree in Computer Science / Engineering or a related field, with emphasis in security-related areas (or equivalent experience)
• Extensive infrastructure, cloud, and application security experience
• Ability to reason about security of a large and complex application or infrastructure
• Desire to go deep on complex systems for extended engagements

Preferred Qualifications

• Desire to construct narratives and build exploit chains that relate to the business
• Ability to reason about and influence software architecture for security
• Community contributions like public CVEs, bug bounty recognition, open source tools, blogs, talks etc.
• Threat modeling and communicating risk to engineering and leadership teams

Pay & Benefits

At Apple, base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay range for this role is between $166,600 and $296,300, and your base pay will depend on your skills, qualifications, experience, and location.

Apple employees also have the opportunity to become an Apple shareholder through participation in Apple’s discretionary employee stock programs. Apple employees are eligible for discretionary restricted stock unit awards, and can purchase Apple stock at a discount if voluntarily participating in Apple’s Employee Stock Purchase Plan. You’ll also receive benefits including: Comprehensive medical and dental coverage, retirement benefits, a range of discounted products and free services, and for formal education related to advancing your career at Apple, reimbursement for certain educational expenses — including tuition. Additionally, this role might be eligible for discretionary bonuses or commission payments as well as relocation.

Learn more about Apple Benefits.

Note: Apple benefit, compensation and employee stock programs are subject to eligibility requirements and other terms of the applicable plan or program.

Additional Information

Apple is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant.