Security Engineer, Retail Engineering

Summary

Posted: Nov 20, 2024

Weekly Hours: 40

Role Number:200558387

As a Security Engineer in Retail Engineering, you’ll be responsible for securing the Apple Online Store and flagship retail stores, through to business-critical backend customer and payment systems. Along the way you’ll be encouraged to grasp the security implications of new technologies such as machine learning and cloud.

Description

– Conduct RedTeams engagements and penetration testing against a wide variety of technologies. Ability to communicate these findings in high-quality reports and presentations – Perform threat models and architecture reviews of sophisticated projects – Provide mentorship and education to partnering teams – Build relationships, influence and improve security culture via various initiatives (presentations, training, etc) – Participate in, or lead Red Team operations against large organizations within Apple – Support partnering blue teams in responding to threats and improving detections – Develop tooling to support primary responsibilities – Deliver security campaigns and initiatives to improve the security posture of the organization

Minimum Qualifications

• Strong ability to penetration test application, infrastructure and cloud environments
• Experience performing threat models or architecture reviews
• Strong understanding of fundamental networking and security concepts
• Programming/scripting skills, and ability to read and audit various programming languages, (Go, Java, JavaScript, Python etc)
• Proficiency in MacOS and other Unix based systems
• Knowledge of cloud architecture and security

Preferred Qualifications

• BS in Computer Science or equivalent
• OSCP or OSWE certification
• Experience with CTFs or hacking labs
• Experience securing and pentesting mobile applications
• Experience participating in or leading red teams or similar offensive security engagements
• Publications, security research, bug bounties or CVEs are highly regarded
• Experience presenting to technical and non technical audiences
• Passion for information security
• Ability and motivation to learn new skills, concepts and technologies
• Excellent written and verbal communication skills
• Ability to take ownership of security problems, and drive remediation to competition
• Self-motivated, able to work individually and as part of a global team
• Ability to grasp large sophisticated systems and context-switch when needed