SaaS Security Engineer

Summary

Posted: Feb 13, 2025

Role Number:200590995

Apple is seeking a Software-as-a-Service (SaaS) Security Engineer within the Apple Information Security (AIS) organization. We are looking for an experienced security professional who is passionate and knowledgable about SaaS, Cloud, and Web Application Security. This position will be responsible for ensuring the security maturity of Apple's most critical SaaS assets and developing new methods to scale the program while reducing Apple's attack surface.

Description

* This position requires a broad mix of technical expertise coupled with polished communication and emotional intelligence to influence our SaaS Supplier's and Business Partners. * The successful candidate will have a passion for technical excellence and team collaboration with a heavy focus on offensive security . This role will work closely with business parters, peer security teams, and Suppliers to ensure the secure design, deployment, and configuration of new and existing SaaS. * Perform security architecture reviews and threat models of the full stack of SaaS, including applications built on cloud and emerging technologies with an understanding and impact of the shared responsibility model. * Conduct targeted penetration and application testing of SaaS to provide true validation of the security posture of Apple use-cases. This role requires creative thinking and a tailored approach across a diverse population of Cloud-based products and services. * Work cross-functionally with business teams and defense to execute Purple Team engagements to enhance threat and anomaly detections. * Proactively identify vulnerabilities and misconfigurations across Apple's SaaS population. * Provide clear and detailed risk reduction and remediation guidance to 3rd Party SaaS Suppliers and Apple business teams. * Research new and emerging threats to ensure Apple's assessment methodology is keeping pace with security trends. * Deliver program enhancements to approach, methodology, and focus areas. * Thrives in a fast pace environment with the ability to effectively shift priorities due to evolving business needs and emerging security trends.

• 5+ years of work experience with manually testing SaaS and Web Applications.
• Experience with evaluating and testing the security of Public Cloud environments (ie; AWS, GCP, Azure).
• In-depth knowledge identifying and protecting against web application and API security vulnerabilities.
• Experience executing Threat Modeling and Design Reviews.
• Strong understanding of Application Security, Cloud Security, Network Security, Identity and Access Management, and Cryptography.
• Experience with Python, Go, and/or bash scripting.
• In-depth knowledge of the security assessment processes and lifecycle with the ability to identify potential improvement areas and gaps in existing processes.
• Excellent written and oral communication skills, including experience
• Understanding of key infrastructure including micro-services architectures, Git, code repositories, Infrastructure-as-a-code, Kubernetes, CI/CD frameworks

• Experience with testing or understanding the threats of AI enabled services.
• Experience with the security implications and testing Electron-based applications.
• Experience with SQL, Databricks, and Spark programming.
• Contributions to the security community such a research, published CVEs, bug-bounty recognitions, open-source projects, blogs or publications.
• Experience using Dynamic Application Security Testing (DAST) capabilities.
• Industry Certifications such as GWAPT, GPEN, GCPN, OSWE.
• Experience in Supply Chain Risk Management
• Bachelors Degree or equivalent work experience

At Apple, base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay range for this role is between $166,600 and $296,300, and your base pay will depend on your skills, qualifications, experience, and location.

Apple employees also have the opportunity to become an Apple shareholder through participation in Apple's discretionary employee stock programs. Apple employees are eligible for discretionary restricted stock unit awards, and can purchase Apple stock at a discount if voluntarily participating in Apple's Employee Stock Purchase Plan. You'll also receive benefits including: Comprehensive medical and dental coverage, retirement benefits, a range of discounted products and free services, and for formal education related to advancing your career at Apple, reimbursement for certain educational expenses - including tuition. Additionally, this role might be eligible for discretionary bonuses or commission payments as well as relocation. Learn more about Apple Benefits.

Note: Apple benefit, compensation and employee stock programs are subject to eligibility requirements and other terms of the applicable plan or program.

• Apple is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant.