Security Engineer, AIS

Descrizione del lavoro:

The Adversary Simulation Program (ASP) is a branch of Information Security responsible for emulating real-world adversaries through offensive security engagements and automation. We build and operate the frameworks and tooling that power our engagements and extend detection and response capabilities across Apple. We are seeking a Security Engineer with a passion for offensive security and automation to conduct adversary simulations, execute offensive security engagements, and build the tooling that makes those efforts scalable and repeatable.
As a Security Engineer on this team, your work will split between hands-on offensive security engagements and building the automation that makes those engagements scale. On any given week you might be scoping an adversary simulation against a production service, writing Go code to automate parts of the engagement lifecycle, or translating your findings into clear remediation guidance for engineering teams. You will think like an attacker - planning intrusion paths, chaining vulnerabilities, and testing defences - while also partnering with detection and response teams to close the gaps you uncover. This is a role where you build what you use: the frameworks, tooling, and workflows you develop directly power the engagements you run, and your work shapes how the organisation identifies and responds to real-world threats.
Experience in a security engineer, security consultant, penetration tester, or similar role Expertise in threat modeling, secure architecture design, and reviewing complex systems Strong capability in penetration testing applications, infrastructure, cloud environments and Goland Experience communicating risk to engineering and leadership teams
Bachelor's degree in Computer Science or related field (or equivalent experience) Relevant certifications (e.g., OSCP, OSWE, OSMR) Experience with CTFs, bug bounty programs, or published research Community contributions like public CVEs, open source tools, blogs, or talks Experience constructing adversary scenario narratives and building exploit chains Experience with adversary simulation frameworks or detection validation tooling Experience with Swift