Protect Our Digital Frontline
As a key member of our foundational team, you will be instrumental in partnering with security engineering teams to determine the data-driven insights and automations required to enforce security invariants and policies. Your focus will be on providing high confidence in the integrity of our frontline mitigations and boundaries. When regressions or violations are detected, you will ensure that we have built the right relationships, agreements, and processes to efficiently address these issues.
You will work alongside a wide variety of teams, and your influence will be felt throughout our extraordinary products, including the iPhone, Apple Vision Pro, Mac, and Apple TV. We are looking for someone with a strong understanding of security engineering principles, software delivery, and secure SDLC, as well as an understanding of the engineering challenges, organisational dynamics, and process trade-offs of building a continuous security capability.
Responsibilities will include harnessing available build data to derive meaningful security insights, learning how our software is built end-to-end to determine impactful intervention points, partnering with infrastructure engineers to deploy automations to production, and helping engineers make better, more secure choices during development. This position may require travel to other sites, vendors, and security conferences.
Requirements
* Proven experience building and integrating security-enforcing controls across the full software lifecycle
* Programming background in Python, Swift, C, C++, and/or Objective-C
* Knowledge of OS security fundamentals, including contemporary mitigation techniques and vulnerability classes
* Exceptional ability to communicate clearly and effectively about technical topics
Preferred Qualifications
* Knowledge of macOS and iOS security architectures
* Knowledge of observability tools and techniques
* Experience building visualisations for complex technical information
* Enthusiasm for new technologies and growth
* Experience driving security projects to identify software regressions
* Experience with CI/CD integrations, binary analysis, telemetry analysis, build verifiers, and IDE and compiler security plug-ins