Job Details

Role Number: 200622439-0836

Summary

Imagine what you could do here. At Apple, new ideas have a way of becoming extraordinary products, services, and customer experiences very quickly. Bring passion and dedication to your job and there's no telling what you could accomplish. We’re a diverse collection of thinkers and doers, continually reimagining our products, systems, and practices to help people do what they love in new ways. This is a deeply collaborative place, where everything we create is the result of people in different roles and teams working together to make each other’s ideas stronger. That same passion for innovation that goes into our products also applies to our practices, strengthening our commitment to leave the world better than we found it.

Description

Apple is seeking an exceptional engineer to join its global Detection & Response team. This is a hands-on technical role which involves the creation, testing, and maintenance of Apple’s threat detection software. Additional responsibilities include:

• Provide feedback and adhere to detection development lifecycle.
• Quantify the efficacy of Apple’s detection software with attack simulation and red team collaboration.
• Formulate new detection ideas based on newly-published research, industry trends, or major incidents.
• Drive the requirements for Apple’s security telemetry and response tools.
• Automate the triage and response to security incidents.

Minimum Qualifications

• 5+ years of experience in security engineering, threat detection, or incident response.

• Proven ability to write and tune detections for cloud, SaaS, and endpoint environments.

• Strong software development background with hands-on experience in Apache Spark, SQL, GitHub workflows, and CI/CD practices.

• Knowledge of MITRE ATT&CK, threat modeling, and common attacker techniques.

• Demonstrated experience analyzing telemetry from logs (endpoint, network, or application).

• Solid understanding of cloud environments (AWS, GCP, or Azure) and cloud-native security logging.

• Exceptional written and verbal communication skills — can collaborate cross-functionally and write clear detection logic or proposals.

• Track record of team collaboration and working well in globally distributed environments.

Preferred Qualifications

• • Experience leading or mentoring detection engineering efforts, or demonstrated readiness to lead a regional team in the future.
• • Hands-on experience with automated incident response and containment tooling (SOAR platforms, custom scripts, etc.).
• • Familiarity with Apple-scale detection challenges, including scaling detection-as-a-service.
• • Passion for building tools and platforms that enable other engineers, not just writing detections.
• • Holds relevant industry certifications (e.g., GIAC, OSCP, AWS Security Specialty).
• • High ownership mindset — thrives in fast-paced environments and adapts to ambiguity.
• • A sharp eye for automation opportunities and eliminating repetitive work.
• • Strong interpersonal skills with a team-first attitude — approachable, constructive, and solution-oriented.

Apple is an equal opportunity employer that is committed to inclusion and diversity. We seek to promote equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant (https://www.eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf) .