At Apple, we work every day to create products that enrich people's lives. Our Advertising Platforms group makes it possible for people around the world to easily access informative and imaginative content on their devices while helping publishers and developers promote and monetize their work. Today, our technology and services power advertising in Search Ads in the App Store and Apple News. Our platforms are highly performant, deployed at scale, and setting new standards for enabling effective advertising while protecting user privacy.
We are seeking an expert application security engineer who is passionate about protecting critical internal and customer-facing applications and APIs. You will collaborate with engineering leaders, developers, quality engineers, and security teams to secure Ad Platforms applications and services, present and future. Your responsibilities will include assessing the risk landscape for our applications and services and implementing risk mitigation strategies. You will work with partner teams on security tools, penetration testing, and security testing methodologies to keep Ad Platforms services secured.
You will experience a rapidly evolving technology and threat landscape and contribute to the education of teams on secure application design, development, and testing. You should expect to be exposed to a broad range of systems, including web applications, distributed processing, and virtualized environments.
Key Qualifications:
- Passionate about Application Security with 3+ years of relevant experience
- Deep understanding of web application security threats, exploits, prevention (SQL Injection, XSS, CSRF, platform hardening, etc.)
- Ability to triage, reproduce, and recommend remediations for vulnerabilities
- Proficient with a scripting language (e.g. JavaScript, Python, Bash, etc.)
- Proficiency with Java
- Experience in penetration testing and with tools such as Burp or ZAP
- Passion for understanding and researching vulnerabilities and exploitation techniques
- Knowledge of development and integration tools and technologies (e.g. CI/CD)
- Knowledge of tools including static code analysis and dynamic application scanning (e.g. Checkmarx, Qualys)
- Knowledge of test automation frameworks and how they can be leveraged for security QE
- Proficiency in networking concepts (firewalls, load balancers, etc.)
- Background in web application development and/or code auditing strongly preferred
- Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)
- Keeps up with industry trends in security technology and threats
- Experience securing infrastructure in public cloud (e.g. AWS, Azure, Google Cloud)
- Excellent communication and interpersonal skills
Description:
IN THIS ROLE, YOUR RESPONSIBILITIES WILL INCLUDE:
- Conducting security architecture reviews of the application stack, including applications built on cloud and emerging technologies
- Reviewing source code for potential security issues
- Writing security test cases to check for vulnerabilities or broken/missing security controls
- Providing specific risk assessment and remediation guidelines for developers and business owners
- Helping manage and triage findings from security tools including static and dynamic scanners
- Conducting penetration testing against our applications, services, and environments; reporting underlying security issues and proposing appropriate security controls
- Researching the latest security best practices, trends, threats and vulnerabilities, and technology frameworks
- Documenting and disseminating security guidelines for common security issues, remediation guidance, and security baselines
- Working with developers to provide security guidance and mentor them as necessary
- Developing tools and exploits to support application security automation and penetration testing
- Helping identify areas that are ripe for improvement and establishing appropriate security goals
- Influencing and collaborating with the organization to develop secure solutions and to accomplish stated security goals
Education:
Bachelor's or Master's/Ph.D. (preferred) in Computer Science or Engineering with an emphasis in Computer Security or a related field, or equivalent experience.
Apple is an Equal Opportunity Employer that is committed to inclusion and diversity. We also take affirmative action to offer employment and advancement opportunities to all applicants, including minorities, women, protected veterans, and individuals with disabilities. Apple will not discriminate or retaliate against applicants who inquire about, disclose, or discuss their compensation or that of other applicants.
via developer jobs - Stack Overflow