Embedded Security Engineer

Software is often referred to as the "soul" of Apple's products. In this position you will play a critical role in ensuring the security of the systems and infrastructure used to manage, build, and distribute, Apple's software.

We are looking for a proficient Embedded Security Engineer to join our team and contribute to the protection of our critical assets. The ideal candidate will be responsible for conducting comprehensive threat modeling and security assessments, as well as supporting our engineering teams in adhering to established security standards and requirements. This role involves a blend of technical acumen and collaborative skills, as you will develop solutions to identified risks, write test cases for security controls, and actively participate in offensive security assessments.

Key Qualifications

• Proven experience in threat modeling, security assessments, and penetration testing.

• Strong understanding of cybersecurity principles, frameworks, and standards.

• Experience with various programming languages and security tools.

• Excellent analytical, problem-solving, and communication skills.

• Previous experience in a Software Engineering or Operations role

• Experience with python, perl, golang, bash, kubernetes

Description

We're looking for an exceptional candidate with a proven track record in making a security difference in the projects under their purview. Passion for security and development excellency is required. In addition to solid technical skills, candidates should have strong interpersonal and communication skills, be self starters that are comfortable with the unknown and are capable of mentoring engineers and more junior security teammates.

Additionally a candidate should have experience in the following areas:

Threat Modeling and Security Assessments:

• Conduct detailed threat modeling and security assessments of critical assets within our organization.

• Regularly update threat models to reflect evolving threats and changes in the business environment.

Support Engineering Teams:

• Collaborate with engineering teams to ensure compliance with defined security standards and requirements.

• Provide expert guidance and support in the implementation of security measures.

• Develop and maintain documentation outlining security guidelines and best practices.

Development of Technical Security Solutions:

• Create and implement technical solutions to mitigate identified risks.

• Write and maintain test cases to ensure the effectiveness and resilience of security controls.

• Stay abreast of the latest security technologies and trends to enhance our security posture.

• Recommend proactive measures to mitigate potential security issues before they impact the organization.

Security Assessments:

• Lead penetration tests and red team exercises, particularly focusing on the Build Path.

• Proactively identify and explore vulnerabilities in critical software components used across our environment.

• Collaborate with external experts and internal teams to simulate real-world attack scenarios.

• Conduct ongoing research into vulnerabilities affecting critical software components.