Security Engineer, Enterprise Technology Services, Early Career

Summary

Posted: Oct 10, 2024

Weekly Hours: 40

Role Number:200571457

There is a lot that goes into building the most secure yet user-friendly devices in the world. We are a unique Software Development group with a charter to secure our platforms, which include iOS software, iOS Devices, and Mac! We build solutions that are used by our customers, engineering teams, and manufacturing environments. We are looking for a candidate who is passionate about both software and hardware security and enjoys highly technical, hands-on role in a dynamic and fast paced environment. This role will be responsible for testing and securing the Software Development Life Cycle, world-wide hardware manufacturing ecosystem and associated global IT infrastructure. Are you ready for this challenging yet highly visible and rewarding opportunity?

Description

Our organization provides security server-side solution to enable various Apple product security features. As part of security team in this organization, we are looking for someone who can drive advancements in security practices, proactively identifying security vulnerabilities, fortifying our platforms against emerging threats and enabling continuous innovation. The existing scope of the work includes the following and will be expanded with emerging new technology and new business initiatives. Perform penetration testing and vulnerability assessments on software applications, API services, and infrastructure. Develop and implement new test plans, methodologies, and tools for assessing hardware and software security. Conduct static code analysis to identify and triage application security issues. Work closely with DevOps and engineering teams to remediate application security vulnerabilities and implement security best practices throughout the Software Development Life Cycle (SDLC). Perform reverse engineering and forensic analysis on software & hardware to identify security vulnerabilities and its exploitability. Rotate between red and blue functions and conduct simulated attacks & defense. Develop security strategies, frameworks, tools, and processes to assess and improve security posture of the organization. Collaborate with hardware design teams to integrate security best practices during product development. Document findings, prepare comprehensive reports, and provide detailed security recommendations for remediation. Fulfill on-call responsibilities for handling security-related incidents. Continuous learning and conduct security research to stay updated on the latest threats, vulnerabilities, attack vectors, and mitigation techniques.

Minimum Qualifications

• Knowledge in at least one scripting language.
• Experience in Computer Science Fundamentals.
• Relevant Internship Experience.
• Bachelors degree in Computer Science or equivalent.

Preferred Qualifications

• Strong understanding of fundamental IT domains including Networking, Operating Systems, Security Principles, Secure Coding Practices, Cryptography and System Administration.
• Experience in security penetration testing, red team exercises, Capture The Flag (CTF) competitions or security related hackathons.
• Experience with software development and secure coding best practices.
• Experience with reverse engineering and exploit development.
• Understanding of cryptographic algorithms, secure boot, secure firmware update mechanisms is a plus!
• Understanding of hardware architecture, microcontrollers, processors, and firmware development and have knowledge in hardware security tools and techniques (e.g., JTAG, oscilloscopes.) is a plus.
• Respect diversity and inclusiveness in a global organization with ability to collaborate and communicate effectively.
• Ability to analyze sophisticated problems, explore the greenfield and devise creative solutions.
• Willingness and ability to travel internationally (up to 1 weeks at a time).