Apple
Senior Staff Security Engineer - Red Team
Apple, Seattle, Washington, us, 98127
Senior Staff Security Engineer - Red Team
Seattle,Washington,United States
Software and Services
Apple Services Engineering (ASE), the team behind Apple Services (iCloud, App and Media) and the infrastructure that powers it, is looking for security engineers to partner with engineering teams working on significant services. You will collaborate with developers, site reliability engineers, and security teams to protect ASE services. Your work will include end-to-end security assurance activities including security architecture, threat modeling and extensive security testing. The ASE Security Red Team focuses on deep technical security review work of critical ASE services and infrastructure. These security reviews will either be scoped and focused on review depth, or objective oriented with exploit chain enumeration. You will be working with partner teams in security engineering, privacy, detection and design review to keep Apple's services secure for our users. If you love diving into complex and important system, and driving the security of that system over time, we want to talk to you!
Description
In this role, you will scope and lead focused security reviews on critical internet scale applications and supporting infrastructure. Within these depth focused engagements, you will learn the services architecture and risk profile to build a scope that enables meaningful security review. Once the review starts, you and the team will review with a high bar for depth and quality. After the review, you will go beyond vulnerabilities, communicating with stakeholders and leadership important observations. You may also lead and scope goal or objective oriented Red Team exercises. Your Red Team exercises will include the standard phases of attacker emulation, like reconnaissance, exploitation, pivoting and stealth. Using insights from these engagements, you will help define, document, and automate security best practices, as well as advocate for platform-wide security enhancements to raise the security bar for all engineering teams at Apple. You will be: * A technical expert responsible for the enumerating risks or exploit chains. * A technical expert capable of identifying engagement scope, planning reviews, then executing those reviews to identify vulnerabilities and improvement opportunities. * Able to identify areas that are ripe for improvement and establishes appropriate security goals * Adept at building relationships with engineering and leadership teams to drive security improvements * Current on new security technologies, vulnerabilities, and methodologies * An excellent verbal and written communicator * Able to develop proof of concept systems to automate security recommendations, vulnerability discovery, and process workflows * Responsible for security decisions impacting hundreds of millions of users This position will involve some travel to other Apple sites.
Minimum Qualifications
6+ years in an information security field or software engineering
Four or more of those years conducting security reviews
Bachelors degree in Computer Science / Engineering or a related, with emphasis in security related fields (or equivalent experience)
Extensive infrastructure, cloud and application security experience
Ability to reason about security of a large and complex application or infrastructure
Desire to go deep on complex systems for extended engagements
Key Qualifications
Preferred Qualifications
Desire to construct narratives and build exploit chains that relate to the business
Ability to reason about and influence software architecture for security
Community contributions like public CVEs, bug bounty recognition, open source tools, blogs, talks etc.
Threat modeling and communicating risk to engineering and leadership teams
Education & Experience
Additional Requirements
Pay & Benefits
At Apple, base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay range for this role is between $166,600 and $296,300, and your base pay will depend on your skills, qualifications, experience, and location.Apple employees also have the opportunity to become an Apple shareholder through participation in Apple’s discretionary employee stock programs. Apple employees are eligible for discretionary restricted stock unit awards, and can purchase Apple stock at a discount if voluntarily participating in Apple’s Employee Stock Purchase Plan. You’ll also receive benefits including: Comprehensive medical and dental coverage, retirement benefits, a range of discounted products and free services, and for formal education related to advancing your career at Apple, reimbursement for certain educational expenses — including tuition. Additionally, this role might be eligible for discretionary bonuses or commission payments as well as relocation.Learn more (https://www.apple.com/careers/us/benefits.html) about Apple Benefits.Note: Apple benefit, compensation and employee stock programs are subject to eligibility requirements and other terms of the applicable plan or program.
Apple is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics.Learn more about your EEO rights as an applicant. (https://www.eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf)
Apple Footer
Apple is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant (Opens in a new window) .
Apple will not discriminate or retaliate against applicants who inquire about, disclose, or discuss their compensation or that of other applicants. United States Department of Labor. Learn more (Opens in a new window) .
Apple will consider for employment all qualified applicants with criminal histories in a manner consistent with applicable law. If you’re applying for a position in San Francisco, review the San Francisco Fair Chance Ordinance guidelines (opens in a new window) applicable in your area.
Apple participates in the E-Verify program in certain locations as required by law. Learn more about the E-Verify program (Opens in a new window) .
Apple is committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities. Reasonable Accommodation and Drug Free Workplace policy Learn more (Opens in a new window) .
Apple is a drug-free workplace. Reasonable Accommodation and Drug Free Workplace policy Learn more (Opens in a new window) .
Seattle,Washington,United States
Software and Services
Apple Services Engineering (ASE), the team behind Apple Services (iCloud, App and Media) and the infrastructure that powers it, is looking for security engineers to partner with engineering teams working on significant services. You will collaborate with developers, site reliability engineers, and security teams to protect ASE services. Your work will include end-to-end security assurance activities including security architecture, threat modeling and extensive security testing. The ASE Security Red Team focuses on deep technical security review work of critical ASE services and infrastructure. These security reviews will either be scoped and focused on review depth, or objective oriented with exploit chain enumeration. You will be working with partner teams in security engineering, privacy, detection and design review to keep Apple's services secure for our users. If you love diving into complex and important system, and driving the security of that system over time, we want to talk to you!
Description
In this role, you will scope and lead focused security reviews on critical internet scale applications and supporting infrastructure. Within these depth focused engagements, you will learn the services architecture and risk profile to build a scope that enables meaningful security review. Once the review starts, you and the team will review with a high bar for depth and quality. After the review, you will go beyond vulnerabilities, communicating with stakeholders and leadership important observations. You may also lead and scope goal or objective oriented Red Team exercises. Your Red Team exercises will include the standard phases of attacker emulation, like reconnaissance, exploitation, pivoting and stealth. Using insights from these engagements, you will help define, document, and automate security best practices, as well as advocate for platform-wide security enhancements to raise the security bar for all engineering teams at Apple. You will be: * A technical expert responsible for the enumerating risks or exploit chains. * A technical expert capable of identifying engagement scope, planning reviews, then executing those reviews to identify vulnerabilities and improvement opportunities. * Able to identify areas that are ripe for improvement and establishes appropriate security goals * Adept at building relationships with engineering and leadership teams to drive security improvements * Current on new security technologies, vulnerabilities, and methodologies * An excellent verbal and written communicator * Able to develop proof of concept systems to automate security recommendations, vulnerability discovery, and process workflows * Responsible for security decisions impacting hundreds of millions of users This position will involve some travel to other Apple sites.
Minimum Qualifications
6+ years in an information security field or software engineering
Four or more of those years conducting security reviews
Bachelors degree in Computer Science / Engineering or a related, with emphasis in security related fields (or equivalent experience)
Extensive infrastructure, cloud and application security experience
Ability to reason about security of a large and complex application or infrastructure
Desire to go deep on complex systems for extended engagements
Key Qualifications
Preferred Qualifications
Desire to construct narratives and build exploit chains that relate to the business
Ability to reason about and influence software architecture for security
Community contributions like public CVEs, bug bounty recognition, open source tools, blogs, talks etc.
Threat modeling and communicating risk to engineering and leadership teams
Education & Experience
Additional Requirements
Pay & Benefits
At Apple, base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay range for this role is between $166,600 and $296,300, and your base pay will depend on your skills, qualifications, experience, and location.Apple employees also have the opportunity to become an Apple shareholder through participation in Apple’s discretionary employee stock programs. Apple employees are eligible for discretionary restricted stock unit awards, and can purchase Apple stock at a discount if voluntarily participating in Apple’s Employee Stock Purchase Plan. You’ll also receive benefits including: Comprehensive medical and dental coverage, retirement benefits, a range of discounted products and free services, and for formal education related to advancing your career at Apple, reimbursement for certain educational expenses — including tuition. Additionally, this role might be eligible for discretionary bonuses or commission payments as well as relocation.Learn more (https://www.apple.com/careers/us/benefits.html) about Apple Benefits.Note: Apple benefit, compensation and employee stock programs are subject to eligibility requirements and other terms of the applicable plan or program.
Apple is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics.Learn more about your EEO rights as an applicant. (https://www.eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf)
Apple Footer
Apple is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant (Opens in a new window) .
Apple will not discriminate or retaliate against applicants who inquire about, disclose, or discuss their compensation or that of other applicants. United States Department of Labor. Learn more (Opens in a new window) .
Apple will consider for employment all qualified applicants with criminal histories in a manner consistent with applicable law. If you’re applying for a position in San Francisco, review the San Francisco Fair Chance Ordinance guidelines (opens in a new window) applicable in your area.
Apple participates in the E-Verify program in certain locations as required by law. Learn more about the E-Verify program (Opens in a new window) .
Apple is committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities. Reasonable Accommodation and Drug Free Workplace policy Learn more (Opens in a new window) .
Apple is a drug-free workplace. Reasonable Accommodation and Drug Free Workplace policy Learn more (Opens in a new window) .