The Engineering Solutions team is tasked with building components and applications for both internal use and external customer use. This position will be responsible for implementing standardized security practices across the varied teams that are part of this IS&T division. We are looking for an individual with a background in Security, especially penetration testing, and proven project management ability. The position will require skill in cross-functional engagement with the Apple Information Security teams, and excellent influencing and communication skills.
- 5+ years of experience in manually testing web applications or enterprise penetration testing
- Extensive hands-on experience with security tools like Nessus, Fortify, WebInspect, Qualys, Burp, etc.
- Strong knowledge of current security threats, trends, and mitigation.
- Passion for discovering and researching new vulnerabilities and exploitation techniques.
- Passionate about securing Apple’s products & customers
- Expert familiarity with multiple programming languages and secure coding practices. In-depth software engineering and development lifecycle knowledge
- Able to discuss risk assessments with audiences of various technical & business backgrounds. Demonstrated ability to work in a matrix environment, and ability to influence at all levels. Comfortable with fast-paced, schedule-driven development
- Experience integrating security practices into product-focused engineering teams
- Ability to identify gaps in security-focused tooling & lead a peer group through project planning, scheduling, and execution.
- Strong verbal & written communication skills
- Proficiency in Mac OS X and/or other flavors of UNIX/Linux
- Experience with database security audits is a big plus
- Programming skills in Java, Objective C or similar languages a plus
- Ability to explain basic networking concepts (routing, ACL, load balancers, SSL/TLS, TCP) in order to participate in application architecture reviews.
- Self-motivated and proactive with demonstrated creative and critical thinking capabilities.
Other responsibilities include:
• Security research on the latest best practices, trends, threats and vulnerabilities, and technology frameworks
• Documenting and disseminating security guidelines for common security issues, remediation guidance, and security technology baselines
• Developing tools and exploits to support application security review and/or penetration testing. Work cross-functionally with teams providing security consulting services and driving new security initiatives.
BS degree or higher in Computer Science (or similar)
CISSP, GPEN, GWAPT, CEH certifications are preferred