Spanish bilingual and Hispanic jobs since 1997. Diversity job fairs since 2006. employers     login   |   register - post a job
Hispanic Diversity Recruitment - best jobs for hispanic, latino & bilingual (spanish & portuguese) jobseekers
HOME
    Log me in!   |   Site Map   |   Help   
 Static Analysis Security Researcher, Information Security - Cupertino, California, United States

   
Job information
Posted by: Apple 
Hiring entity type: Retail 
Work authorization: Not Specified for United States
Position type: Direct Hire, Full-Time 
Compensation: ******
Benefits: See below
Relocation: Not specified 
Position functions: Computers - Programming Languages
Computers - Platforms
Computers - Networks
Computers - Software Engineer
 
Travel: Unspecified 
Accept candidates: from anywhere 
Languages: English - Fluent
 
Minimum education: See below 
Minimum years experience: See below 
Resumes accepted in: English
Cover letter: No cover letter requested
Job code: 200308341 / Latpro-3840113 
Date posted: Nov-11-2021
State, Zip: California, 95014

Description

Static Analysis Security Researcher, Information Security

Santa Clara Valley (Cupertino) , California , United States

Corporate Functions

Summary

Posted: Nov 10, 2021

Weekly Hours: 40

Role Number: 200308341

This position can be located in Seattle (WA) or Santa Clara Valley (CA). Imagine what you could do here. At Apple, new ideas have a way of becoming extraordinary products, services, and customer experiences very quickly. Bring passion and dedication to your job and there's no telling what you could accomplish! Apple is seeking an exceptional security researcher to identify and build static analysis detections and/or tooling relevant to the technology, security concerns, and classes of software vulnerabilities relevant to Apple. We're a diverse collection of problem solvers and doers, continually reimagining our products, systems, and practices to help people do what they love in new ways. This is a deeply reciprocal place, where everything we build is the result of people in different roles and teams working together to make each other's ideas stronger. That same real passion for innovation that goes into our products also applies to our practices, strengthening our dedication to leave the world better than we found it!

Key Qualifications

  • Experience with identifying security vulnerabilities through source code review
  • Experience manually testing web applications or enterprise penetration testing
  • Experience with programming languages like Python, Go, Java, Ruby, Objective-C, Swift, Rust
  • Understanding of Abstract Syntax Tree (AST) generation and other code transformation methodologies
  • Proficiency in either macOS or other Unix related operating systems (eg, Linux, BSD, Solaris, etc)
  • Ability to explain basic networking concepts (routing, ACL, load balancers, SSL/TLS, TCP) in order to provide application architecture feedback
  • Background in web application development and/or infrastructure as code engineering strongly preferred
  • Strong verbal and written communication skills
  • Passion for discovering and researching new vulnerability identification techniques

Description

- Analyze Apple's source code, conduct research to automate identification of dependency supply chain, and automate identification of the technologies used in Apple's source code - Analyze vulnerability history to report security concerns and classes of software vulnerabilities relevant to Apple - Assess existing static analysis technologies for integration into Apple security tooling - Research methods for applying static analysis detections to infrastructure as code environments - Based on the above analysis, identify and prioritize static analysis detection opportunities - As time allows, stay up-to-date with Apple product and service development by conducting security architecture review, manual application security testing, and source code auditing Other responsibilities include: - Conduct manual application security testing and source code auditing for a variety of technologies. - Provide clear and detailed risk assessment and remediation guidelines for developers and business owners. - Conduct security architecture review of the full stack including applications built on cloud and emerging technologies. - Improve Apple's automated defect detection build process, including our quality assurance test suite - Document and evangelize to internal Apple development teams, the process for giving static analysis rules - Mentor other security engineer team members to develop and give static analysis detections - Help other security engineers and developers to contribute static analysis rules or tooling - Research the latest standard methodologies, trends, threats and vulnerabilities, and technology frameworks - Research and develop tools to enhance static analysis framework capabilities (e.g. accuracy, coverage, and efficiency of detections) - Producing vulnerability proof of concepts and writing clear remediation guidance to aid development teams

Education & Experience

BS in Computer Engineering with specialization in Information Security or 4+ years of equivalent, hands-on information security experience in a large enterprise environments a plus.



Requirements

See job description

 

Apple requires you to fill in their on-line form which will open in a different window.

Enter your email address and click 'Apply':
       Apply
  Prefer not to enter your email?