Senior Offensive Security Engineer

1 week ago


Seattle, WA, United States Apple Full time

Weekly Hours: 40

Role Number: 200600552-3337

Summary

We are the Apple Services Engineering (ASE) Security Red Team. We focus on deep technical security review work of critical ASE services and infrastructure. These security reviews will be scoped and focused on review depth and quality. We are growing our team and looking for a Senior Staff Security Engineer to lead deep reviews that identify meaningful security improvement opportunities. In this role, you will work closely with the security engineering, InfoSec, privacy, SRE, detection and design review teams to keep Apple's services secure for our users. You will identify security weaknesses, validate and design detection mechanisms, and provide actionable recommendations to enhance our security posture. You will go beyond simple-to-find risks and identify obscure and complex risks within complex services. You will collaborate with various architecture and engineering teams to continuously validate and improve our security controls and detection capabilities, with a strong focus on developing repeatable testing frameworks and metrics-driven security improvements. If you love diving into complex and important systems, and driving the security of those systems over time, we want to talk to you.

Description

In this role, you will scope and lead focused security reviews on critical internet-scale applications and supporting infrastructure. You will learn the service's architecture and risk profile to build a scope that enables a meaningful security review. You will be:

  • A technical expert responsible for enumerating risks, planning reviews, and executing those reviews to identify vulnerabilities and improvement opportunities

  • A technical expert in uncommon and obscure risks

  • A technical expert in complex business logic risks that require a depth of understanding of the services and their architectures

  • Able to identify areas that are ripe for improvement and establish appropriate security goals

  • Current on new security technologies, vulnerabilities, and methodologies

  • Able to develop proof-of-concept systems to automate security recommendations, vulnerability discovery, and process workflows

Minimum Qualifications

  • 8+ years in an information security field or software engineering; four or more of those years conducting security reviews

  • Extensive infrastructure, cloud and application security experience

  • Experience communicating risk to engineering and leadership teams

  • Ability to reason about security of a large and complex application or infrastructure

  • Experience going deep on complex systems for extended engagements

Preferred Qualifications

  • Bachelor's degree in Computer Science / Engineering or a related field, with emphasis in security-related fields (or equivalent experience)

  • Experience constructing narratives and building exploit chains

  • Ability to reason about and influence software architecture for security

  • Community contributions like public CVEs, bug bounty recognition, open source tools, blogs, talks, etc.

Apple is an equal opportunity employer that is committed to inclusion and diversity. We seek to promote equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant (https://www.eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf).


