Security Engineer, Ad Platforms

Summary
At Apple, we work every single day to build products that enrich people's lives. Our Advertising Platforms group makes it possible for people around the world to easily access informative and visionary content on their devices while helping publishers and developers promote and monetize their work.

Our technology makes advertising possible on the App Store, Apple News, Stocks, and Apple TV. We help developers and marketers of all sizes drive app discovery across the App Store. Our display ads on Apple News and Stocks let advertisers promote their products alongside trusted content from the world's best journalists. Sponsorship integrations and experiences in live sports on Apple TV help advertisers connect with passionate fans. Everything we do is with the unwavering commitment to privacy you expect from Apple. Because when advertising is done right, it benefits everyone!



Description
We're seeking a Security Engineer whose passionate about protecting critical infrastructure and services.

As a Security engineer, you'll collaborate with engineering leaders, developers, quality engineers, and security teams to secure Ad Platforms' applications and services, present and future. You can expect to assess the risk landscape for products, and drive risk mitigation. You'll work with partner teams on security tools, penetration testing and security testing methodologies to keep Ad Platforms services secured.

You'll also experience a rapidly evolving technology & threat landscape, and contribute to the education of teams on compliance activities throughout the development lifecycle. You should expect to be exposed to a broad range of systems, including web applications, big data, distributed processing, and virtualized environments.

Responsibilities include:

- Conduct security reviews of the service stack, including apps built on cloud and emerging technologies
- Build new security tooling and services to support developers at scale
- Perform security tests on new apps, products, and features before release
- Review source code for potential security issues
- Design and automate security test cases, to check for vulnerabilities or broken/missing security controls
- Provide specific risk assessment & remediation guidelines for developers & business owners
- Triage & review findings from security tools, including static & dynamic scanners
- Research latest security best practices, trends, threats & vulnerabilities and technology frameworks
- Document and share security guidelines for common security issues, remediation guidance, and security baselines
- Work with developers to provide and mentor them on secure development practices
- Develop tools & exploits to support security testing
- Write automations to streamline common tasks, tests, workflows, etc.

---