Secure Design: Build Systems Security Reviewer
Apple - Cupertino, CA
posted about 1 month ago
About the position
Embedded within Apple's Security Engineering & Architecture organization, the Secure Design team's mission is to ensure that the software we ship to our customers is secure. We believe that when it comes to building the world's most secure operating systems, collaboration is key. We're looking for a talented and inspired individual to lead threat modeling and security review of Apple's software build system, attacking these internal backend systems before they ship with the goal of better safeguarding our users. Working with some of the best engineers in the world, your influence will have a direct positive impact on the security of Apple's extraordinary products, including iPhone, iPad, Mac, Vision Pro, Apple Watch, and Apple TV. From consulting on both hardware and software, threat modeling, auditing code and reviewing designs, the job is as diverse as it is critical. This position requires someone with strong technical abilities and a passionate desire to secure systems by showing how they can be broken. We design and secure software and infrastructure that affects for hundreds of millions of users. We make products that people LOVE. We are committed to user privacy and security. We have some of the most creative, passionate, hardworking engineers in the industry. We challenge each other to go beyond the norm to find new, innovative ways of solving problems and to make software safer, easier, and more fun to use.
Responsibilities
- Be a technical lead responsible for securing the compute infrastructure that creates and builds the software that Apple ships to its customers.
- Work cooperatively with other parts of Apple on a broad range of technologies and initiatives to enhance security.
- Design new and innovative ways of utilizing secure compute infrastructure while preserving engineering ease-of-use and development velocity.
- Analyze systems, threat model new components, identify security vulnerabilities in implementation, and recommend security controls to ensure security and integrity of our build pipeline.
- Evangelize and drive the adoption of these technologies across the organization.
- Lead groundbreaking security efforts at a scale only found at Apple.
Requirements
- Proficient in security architecture design and review of complex server/infrastructure projects.
- Familiarity with creating threat models for complex software products.
- Ability to influence and collaborate with colleagues (engineering teams) and decision makers to develop secure solutions and to accomplish security goals.
- Understanding of past, current, and emerging software supply chain attacks/threats.
Nice-to-haves
- Experience applying security engineering to software build and delivery pipelines.
- Excellent at multitasking, organizing, and prioritizing complex projects to meet deadlines.
- Background in secure coding, code auditing, and software security testing.
- Experience working with engineering teams to build secure software.
- Proficiency in macOS and/or Linux internals and modern mitigation techniques.
- Programming background in Objective-C, Python, Ruby, Swift, or other similar language.
Benefits
- Comprehensive medical and dental coverage.
- Retirement benefits.
- A range of discounted products and free services.
- Reimbursement for certain educational expenses - including tuition.
- Opportunity to participate in Apple's discretionary employee stock programs.
- Eligibility for discretionary restricted stock unit awards.
- Ability to purchase Apple stock at a discount through Apple's Employee Stock Purchase Plan.
- Potential for discretionary bonuses or commission payments.
- Relocation assistance.
