Security Researcher - Offensive Tooling

Descrizione del lavoro:

As part of Apple's Security Engineering & Architecture (SEAR) organization, you'll join our mission to create the world's most secure products. We are committed to creating groundbreaking tools that enable our security researchers to delve deep into our numerous codebases and frameworks to identify any security concerns efficiently. We are seeking a motivated individual to explore and improve our offensive security capabilities with a strong emphasis on designing, developing, and state-of-the-art tools using a broad range of analysis approaches.
You will collaborate closely with an extraordinary team of vulnerability researchers to gain a deep understanding of the attack surface across Apple's full stack - from silicon and boot ROMs to firmware, kernels, and user applications. As the primary focus, you will design, develop, maintain, and enhance security analysis tools. Using a wide range of static and dynamic techniques on both source code and binaries, you will create and contribute to innovative solutions for unique security challenges, and scalable solutions to efficiently analyze sophisticated systems. Your work will directly amplify the team's impact on variant analysis or regression prevention, and will empower researchers with ground breaking methods and automation for streamlined vulnerability finding. You will also partner with other security researchers, applying offensive tooling to real-world security evaluations. This hands-on application will demonstrate tools effectiveness and provide valuable feedback for continuous improvement. Your contributions will directly impact our ability to proactively secure Apple products.
Strong programming skills (C/C++, Python, Swift/Rust) Proven experience in security-oriented tool development and real-world usage (static/dynamic approaches, source/binary analysis) Autonomous drive and collaborative mindset
Understanding of Vulnerability Research, tools and methodologies Experience with DevOps and related environments Low-level understanding of security mitigations deployed in at least one major operating system