Security Engineer - Ad Platforms

At Apple, we work every single day to build products that enrich people's lives. Our Advertising Platforms group makes it possible for people around the world to easily access informative and visionary content on their devices while helping publishers and developers promote and monetize their work. Our technology makes advertising possible on the App Store, Apple News, Stocks, and Apple TV. We help developers and marketers of all sizes drive app discovery across the App Store. Our display ads on Apple News and Stocks let advertisers promote their products alongside trusted content from the world's best journalists. Sponsorship integrations and experiences in live sports on Apple TV help advertisers connect with passionate fans. Everything we do is with the unwavering commitment to privacy you expect from Apple. Because when advertising is done right, it benefits everyone! Description We're seeking an Information Security engineer who is passionate about protecting our critical infrastructure and services! As an Information Security engineer, you will collaborate with engineering leaders, developers, quality engineers, and security teams to secure Ad Platforms' applications and services, present and future. Your responsibilities will include assessing the risk landscape for products, and helping drive risk mitigation. You will work with partner teams on security tools, penetration testing, and security testing methodologies to keep Ad Platforms services secured. You'll experience a constantly evolving technology and threat landscape and contribute to the education of teams on compliance activities throughout the development lifecycle. You should expect to be exposed to a broad range of systems, including web applications, big data, distributed processing, and virtualized environments. RESPONSIBILITIES INCLUDE - Conducting security reviews of the service stack, including applications built on cloud and new technologies - Helping build new security tooling and services to support developers at scale - Performing security testing on new applications, products, and features before they are released - Reviewing source code for potential security issues - Designing and automating security test cases to check for vulnerabilities or broken/missing security controls - Providing specific risk assessment and remediation guidelines for developers and business owners - Triaging and reviewing findings from security tools including static and dynamic scanners - Researching the latest security best practices, trends, threats and vulnerabilities, and technology frameworks - Documenting and disseminating security guidelines for common security issues, remediation guidance, and security baselines - Working with developers to provide security guidance and mentor them on secure development practices - Developing tools and exploits to support security testing - Writing automations to streamline common tasks, tests, workflows, etc. - Keeping up with industry trends in security technology and threats Minimum Qualifications • 4+ years of relevant Information Security experience • Proficient with a scripting language (e.g., Python, Bash, Go). • Experience with Java or Javascript • Passion for understanding and researching vulnerabilities and exploitation techniques • Knowledge of development and integration tools and technologies (e.g. CI/CD) • Knowledge of securing applications in cloud (i.e. Docker, Kubernetes) • Experience with common security tools i.e. SAST or DAST • Understanding of core networking concepts (firewalls, load balancers, etc) • Understanding of cryptography • A strong understanding of web application security threats, exploits, prevention (Injection, platform hardening, etc) • Prior experience/background in web application development • Ability to triage, reproduce, and recommend remediations for vulnerabilities • Excellent communication and interpersonal skills Preferred Qualifications • 7+ years of relevant Information Security experience Apple is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant. Apply Job!