About the position
As part of DevOps and security efforts on the Apple Health Software team, you'll be working at the foundation of Apple's core values. We support products and platforms that empower our customers to live healthier lives, while keeping their data private and secure. You'll be responsible for upholding our high DevOps and security standards, while strengthening them through new programs, processes, and tooling. This role works cross-functionally across teams within Apple Health Software, and regularly partners with our peers in Apple Information Security. A builder mindset, and an obsession with delivering great customer experiences, are essential. Serving customers both inside and outside of Apple, we exist to empower the work of others, without compromising security.
Responsibilities
- Building security-focused infrastructure and process automations, with a focus on shifting security left in the software development lifecycle
- Reviewing code (primarily Java and Python) for vulnerabilities, and guiding remediation efforts
- Leading security efforts in design reviews, and guiding the creation of a comprehensive threat modeling program
- Engaging with engineers and internal customers to answer questions, respond to concerns, and empower work organization-wide
- Contribute to vulnerability management efforts, to help teams prioritize and remediate known vulnerabilities
- Joining DevOps on-call rotation to support our infrastructure and customers
- Build an offensive security program and methodology to conduct security assessments, penetration tests, and red team engagements
- Lead fun security demonstrations, workshops, and exercises for our software engineers, in order to strengthen security awareness and secure software development
Requirements
- 5 years of experience with offensive security work, including security assessments, penetration tests, or red team engagements
- Experience with threat modeling
- Experience evaluating and implementing security tooling throughout the software development lifecycle
- Familiarity with a variety of services offered by public clouds like Amazon Web Services (AWS) and Google Cloud Platform (GCP)
- Familiarity with containerization technologies like Docker and Kubernetes
- Strong familiarity with high-level programming languages like Java and Python
- BS in Computer Science or equivalent
Nice-to-haves
- Familiarity with infrastructure and security automation, including best practices
- Experience conducting code reviews, finding vulnerabilities, and providing suggestions for remediation
- Experience contributing security input to design reviews
- Strong communication and cross-functional skills, including ownership and a desire to work with others on creative solutions, without compromising security
- Curiosity, the desire to keep learning, and the ability to change your mind
Benefits
- Comprehensive medical and dental coverage
- Retirement benefits
- A range of discounted products and free services
- Reimbursement for certain educational expenses — including tuition
- Opportunity to participate in Apple's discretionary employee stock programs
- Eligibility for discretionary bonuses or commission payments
- Relocation assistance
