Penetration Tester, Retail Engineering

Summary

Apple is a place where extraordinary people gather to do their best work. Together we craft products and experiences people once couldn’t have imagined — and now can’t imagine living without. If you’re motivated by the idea of making a real impact, and joining a team where we pride ourselves in being one of the most diverse and inclusive companies in the world, a career with Apple might be your dream job.

In a fast-evolving digital world, our team seeks a Security Penetration Tester to tackle emerging cyber threats. With us, you'll play a pivotal role in safeguarding Apple's Online Store, Apple Store App, flagship Retail locations, and vital backend customer and payment systems. You'll get to dive into cutting-edge technologies, collaborate with industry experts, and safeguard critical digital assets. Join us to turn your skills in code analysis, penetration testing, and security research into impactful results. If this sounds like a role for you, we would love to meet you!

Description

As a penetration tester, you can expect to do the following:

• Conduct manual penetration testing against web applications, APIs, cloud environments, infrastructure, mobile applications and bespoke technologies.
• Communicate these findings in high-quality reports and presentations.
• Provide security advice and partnership to engineering teams and non-technical partners.
• Develop scripts and tooling to augment penetration testing activities or demonstrate proof of concepts.
• Source code review of large complex applications.
• Become a subject matter expert for colleagues in an area of security and penetration testing, shape security requirements, technical documentation and testing methodology.
• Teach others and share expertise.
  
  

Minimum Qualifications

• In-depth knowledge of web application security, system and infrastructure security
• Expertise in a specialist security topic such as cloud security, mobile security, container security etc.
• Ability to read and understand source code (Java, JavaScript, Go etc), and find vulnerabilities in sophisticated code bases
  
  

Preferred Qualifications

• Ability to learn new skills, concepts and technologies
• Strong written and verbal communication skills, ability to communicate vulnerabilities to a variety of stakeholders
• Strong understanding of fundamental computing, database, networking and security concepts
• OSCP or OSWE certification
• Experience with CTFs or hacking labs
• Proficiency in MacOS and other Unix based systems
• Ability to grasp large sophisticated systems and context-switch when needed
• Programming/scripting skills (Python, JavaScript, Go, etc)
• Knowledge of cloud architecture and security
• Publications, security research, bug bounties or CVEs are highly regarded
• Bachelor's in Computer Science or equivalent
• Passion for information security, particularly in penetration testing