About the position
The Apple Services Engineering Security team is looking for a passionate and skilled Security Software Engineer that will focus on securing the software supply chain across the organization. In this role, you will help build and scale automated security tooling to identify and remediate critical software vulnerabilities at scale. You will partner closely with engineering teams to ensure secure development practices are embedded throughout the lifecycle. This role is ideal for someone with a strong background in application security, code analysis, and a deep understanding of modern software development ecosystems, particularly GitHub and GitHub Advanced Security (GHAS). You will play a key role in developing and deploying custom CodeQL queries to detect vulnerabilities and reduce risk across Apple Services codebases.
Responsibilities
- Develop, deploy, and maintain automated tools to detect and help developers fix critical security vulnerabilities across our services.
- Drive the adoption and scaling of GitHub Advanced Security across engineering teams, ensuring broad coverage and impact.
- Write and maintain custom CodeQL queries tailored to Apple’s codebases and threat model.
- Partner with engineering teams to integrate secure development tooling into their CI/CD pipelines and developer workflows.
- Contribute to internal tooling and frameworks that support scalable, automated supply chain risk reduction.
- Continuously evaluate and improve the effectiveness of our vulnerability detection and remediation capabilities.
- Stay current with the latest supply chain security threats and techniques and help Apple proactively respond to them.
Requirements
- Over five years of experience in software security, with a focus on software supply chain risk.
- Programming skills in Go, Java and Python.
- Deep understanding of secure software development practices and static code analysis.
- Experience building scalable security tools or automation for large developer organizations.
- Excellent collaboration and communication skills; ability to work cross-functionally with security and engineering teams.
Nice-to-haves
- Hands-on experience with GitHub Advanced Security (GHAS), including enabling and managing security features at scale.
- Proficiency with CodeQL and experience writing or customizing CodeQL queries to identify application vulnerabilities.
- Knowledge of vulnerability management, SBOMs, and dependency analysis is a plus.
