Security Engineer - Ad Platforms

Description

We're seeking an Information Security engineer who is passionate about protecting our critical infrastructure and services! As an Information Security engineer, you will collaborate with engineering leaders, developers, quality engineers, and security teams to secure Ad Platforms' applications and services, present and future. Your responsibilities will include assessing the risk landscape for products, and helping drive risk mitigation. You will work with partner teams on security tools, penetration testing, and security testing methodologies to keep Ad Platforms services secured. You'll experience a constantly evolving technology and threat landscape and contribute to the education of teams on compliance activities throughout the development lifecycle. You should expect to be exposed to a broad range of systems, including web applications, big data, distributed processing, and virtualized environments. RESPONSIBILITIES INCLUDE - Conducting security reviews of the service stack, including applications built on cloud and new technologies - Helping build new security tooling and services to support developers at scale - Performing security testing on new applications, products, and features before they are released - Reviewing source code for potential security issues - Designing and automating security test cases to check for vulnerabilities or broken/missing security controls - Providing specific risk assessment and remediation guidelines for developers and business owners - Triaging and reviewing findings from security tools including static and dynamic scanners - Researching the latest security best practices, trends, threats and vulnerabilities, and technology frameworks - Documenting and disseminating security guidelines for common security issues, remediation guidance, and security baselines - Working with developers to provide security guidance and mentor them on secure development practices - Developing tools and exploits to support security testing - Writing automations to streamline common tasks, tests, workflows, etc. - Keeping up with industry trends in security technology and threats

Minimum Qualifications

• 4+ years of relevant Information Security experience
• Proficient with a scripting language (e.g., Python, Bash, Go).
• Experience with Java or Javascript
• Passion for understanding and researching vulnerabilities and exploitation techniques
• Knowledge of development and integration tools and technologies (e.g. CI/CD)
• Knowledge of securing applications in cloud (i.e. Docker, Kubernetes)
• Experience with common security tools i.e. SAST or DAST
• Understanding of core networking concepts (firewalls, load balancers, etc)
• Understanding of cryptography
• A strong understanding of web application security threats, exploits, prevention (Injection, platform hardening, etc)
• Prior experience/background in web application development
• Ability to triage, reproduce, and recommend remediations for vulnerabilities
• Excellent communication and interpersonal skills

Preferred Qualifications

• 7+ years of relevant Information Security experience

Apple is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant.

Submit Resume