Job Details

Role Number: 200631337-0836

Summary

Apple is a place where extraordinary people gather to do their best work. If you’re excited by the idea of making a real impact, a career with Apple might be your dream job—just be prepared to dream big! As a highly skilled individual with broad experience in evaluating security risk areas from multiple perspectives, you are passionate about executing projects and proposing thoughtful and practical solutions as recommendations. You are a motivated individual and are skilled at navigating complex environments both technically and organizationally to get quality projects done. If you are a highly motivated self-starter who thrives in ambiguity and dynamic environments, then you should consider joining us.

Description

The Internal Audit Department is seeking a Lead Penetration Tester & Security Engineer with a deep technical skillset to conduct penetration tests and security assessment engagements from start to finish. In this role, you will leverage offensive security expertise to identify vulnerabilities, exploit weaknesses, and evaluate the design and effectiveness of security controls across applications, infrastructure, and cloud environments. You will play a critical role in shaping our audit plan by identifying areas of emerging risk and strengthening the organization’s control environment. This is a high-visibility role on a small team, offering direct exposure to a wide range of business and technology functions.

Minimum Qualifications

• 5+ years of experience in penetration testing, red teaming, or offensive security roles, with exposure to audit or compliance functions preferred.

• Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or related discipline; equivalent hands-on experience considered.

Preferred Qualifications

• Ability to get things done, experience in delivering end-to-end projects timely with a high degree of quality. Proven ability to work well on a team, as well as independently, with limited supervision.

• Self-starter, exceptionally curious, can navigate ambiguity and challenges consistently, adapts well to change, and enjoys working in a dynamic environment.

• Highly collaborative. You possess a strong ability to work collaboratively as a member of the team and with cross-functional partners on detail oriented projects.

• Effective at seeing around corners and identifying/anticipating risk areas and the ability to navigate the organization to trigger thoughtful conversations

• Excellent project management and organizational skills.

• Ability to develop and deliver effective presentations to audiences and tailoring the message to the appropriate level, excellent communication skills, and ability to clearly articulate the impact of technical details to non-technical audiences.

• Skilled in offensive security techniques including reconnaissance, vulnerability identification, exploitation, post-exploitation, and lateral movement.

• Hands-on experience with penetration testing tools (e.g., Burp Suite, Metasploit, Cobalt Strike, Nmap, Nessus, Nikto, SQLmap, BloodHound).

• Experience with manual exploitation and custom script development to validate vulnerabilities beyond automated scans.

• Strong knowledge of web application, API, and mobile application testing methodologies.

• Proficiency in secure coding practices and ability to identify flaws in code through static/dynamic analysis.

• Familiarity with software development frameworks, CI/CD pipelines, and DevSecOps practices.

• Deep understanding of networking protocols, firewalls, IDS/IPS, and VPN technologies.

• Experience performing internal and external network penetration tests, wireless assessments, and social engineering campaigns (phishing, physical intrusion).

• Proficiency in penetration testing and security assessment across cloud platforms (AWS, GCP, Azure).

• Familiarity with IaaS, PaaS, and SaaS exploitation scenarios, misconfigurations, and cloud-native security controls.

• Understanding of containerization and orchestration technologies (Docker, Kubernetes).

• Proficiency in programming/scripting languages (Python, Bash, PowerShell, Go, or Ruby) for exploit development, tool customization, and automation.

• Knowledge of modern attack vectors, red teaming methodologies, advanced persistent threats (APT) techniques, and MITRE ATT&CK framework.

• Ability to adapt testing approaches to address evolving risks such as AI/ML, supply chain, and zero-day exploitation.

• Strong track record of leading technical security assessments and delivering appropriate communication and reporting.

• Certifications: OSCP, OSWE, GPEN, GXPN, or CEH preferred; CISSP/CISA a plus.

Apple is an equal opportunity employer that is committed to inclusion and diversity. We seek to promote equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant (https://www.eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf) .