Vulnerability Response Engineer

Summary Posted: Jan 17, 2024 Role Number: 200533185 Apple is seeking an exceptional Information Security Engineer to support our vulnerability response program. This is a technical hands-on role in a dynamic and fast-paced environment. You’ll be working with various application and system owners to report vulnerabilities, drive remediations, determine associated risks, and also to improve our current processes. Key Qualifications Key Qualifications Familiarity with common security vulnerabilities and the ability to judge their severity and impact to the business. Excellent knowledge of large-scale security solutions and vulnerability scanning tools Software development experience with either Python, Go, Rust, and/or Bash scripting Requirement for on-call rotation, which includes weekends Strong penetration testing skills, primary focusing on web application penetration testing experience and security research. Knowledge of the security research community is a strong plus Description Description You will join a team that passionately stays up to date on emerging security vulnerabilities and threats, keeps a cool head in crisis, and advocates every single day for improving the security of Apple products and services. You will need to have a good technical background, superb communication skills, and a strong interest in network, system, and web security. The role also requires a demonstrable ability to work with incomplete information and to adapt to changing priorities. Specific responsibilities include: • Strategize vulnerability management for application and business teams • Technical replication of vulnerabilities and scaling variant analysis relative to discovered issues. • Author clear, authoritative responses to vulnerability inquiries • Provide guidance to engineering teams regarding the impact and remediation of security issues • Work closely with project management to drive security issues to closure Education & Experience Education & Experience BS in Computer Science, Information Technology, Information Security, or related field • Experience in Information security or related field Additional Requirements Additional Requirements