Job Details

Role Number: 200653063-3337

Summary

Apple is a place where extraordinary people gravitate to do their life's best work. Together we craft products and experiences people once couldn’t have imagined — and now can’t imagine living without. The Apple Services Engineering (ASE) team builds and provides systems and infrastructure that fuel Apple’s services (such as Apple TV, App Store, Apple Music, Apple Fitness, iCloud, Siri, and Maps). We are the foundation on which Apple’s software developers build the products that our customers love. Our services have to scale globally, stay highly available, and meet the high security expectations for our billions of customers.

The Security team within ASE is seeking a highly skilled and hands-on IAM Architect to design, implement, and optimize our Identity and Access Management (IAM) systems. This role requires deep technical expertise in IAM frameworks, authentication protocols, and access control mechanisms. The ideal candidate will be able to apply industry-leading security practices, build and execute identity and access management governance program, as well as drive seamless, secure access across the organization.

Description

Scaling and transforming systems in a safe and secure way requires experience and a deep understanding of how applications are built, deployed, and operated. In this role, you will work closely with stakeholders, engineers, product and program managers, and executives to charter a IAM unification strategy that includes all compute, storage, network, data warehouse, business operations, business applications, and beyond.

Minimum Qualifications

• 15+ years of experience in Identity and Access Management (IAM) architecture and engineering

• Proven hands on experience building reliable web-scale policy-based Authentication and Authorization solutions

• Proficiency in one or more programming languages (Golang, Java, Swift)

• Experience with cloud-based IAM (AWS IAM, Azure AD, Google Cloud Identity)

Preferred Qualifications

• Strong knowledge of privileged access management (PAM) and identity governance solutions

• Working knowledge of Kubernetes ecosystem

• Understanding of resource level authorization approaches at scale

• Understanding of networking security controls and techniques for network isolation

• Understanding of TPM, Hardware Root of Trust, PKI, UEFI Secure Boot, Measured Boot and security attestation architecture for hardware and workload identity provisioning

• Understanding of Linux security subsystems (SELinux, BPF, IPC, etc.)

• Experience with security frameworks (NIST, ISO 27001, SOC 2) and regulatory requirements

• Proven experience leveraging GenAI

Apple is an equal opportunity employer that is committed to inclusion and diversity. We seek to promote equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant (https://www.eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf) .