Software Engineer, Security

Beschreibung:

Join the Apple Cloud Object Store (ACOS) team as a Software Engineer with a focus on security. The ACOS team, which is part of Apple Services Engineering organisation, is one of the most critical infrastructure teams at Apple, storing and serving petabytes of data across Apple's services. The ASE organization builds and operates the cloud infrastructure underpinning Apple's services, bringing together compute, storage, networking, and security into a unified Apple Cloud platform. In this role you'll work at the intersection of distributed systems engineering and security - building the authentication, authorisation, and encryption foundations that protect data at exabyte scale.
The security challenges in a large-scale cloud object store are deep and varied. You will work on problems such as: designing and evolving authentication systems to meet modern security standards; implementing and improving encryption-at-rest schemes with robust key lifecycle management at scale; building IAM policy enforcement at high throughput; driving compliance for a multi-region storage platform; and conducting threat modeling for a system handling hundreds of thousands of requests per second. You'll also contribute to broader storage engineering work - durability, availability, multi-tenancy, and performance - making this a well-rounded SWE role with a security-first mindset.
Solid backend software engineering experience with strong computer science fundamentals: networking, distributed systems, and security concepts. Good understanding of authentication and authorisation: familiarity with protocols such as SigV4, OAuth2, mTLS, or IAM-style policy systems. Understanding of cryptographic fundamentals: symmetric encryption, key hierarchies, certificate management, or secret management systems. Experience driving complex projects end-to-end and collaborating across teams.
Experience with IAM systems, STS/short-lived credentials, or policy-based access control. Hands-on experience with encryption infrastructure: key rotation, envelope encryption, or integrating with secret managers (e.g., HashiCorp Vault, AWS KMS, or equivalent). Familiarity with compliance frameworks such as PCI-DSS or SOX in a cloud infrastructure context. Experience with threat modeling methodologies or conducting security design reviews