23 days old

Apple Media Products - Security Engineer - Standards, Guidance, Documentation

Cupertino, CA 95014
  • Job Code
    200209849
Summary

Summary

Posted: Dec 2, 2020

Role Number:200209849

The Apple Media Products Engineering team is one of the most exciting examples of Apple's long-held passion for combining art and t...Summary

Summary

Posted: Dec 2, 2020

Role Number:200209849

The Apple Media Products Engineering team is one of the most exciting examples of Apple's long-held passion for combining art and technology. These are the people who power the App Store, Apple TV, Apple Music, Apple Podcasts, and Apple Books. And they do it on a massive scale, meeting Apple's high expectations with high performance to deliver a huge variety of entertainment in over 35 languages to more than 150 countries.

These engineers build secure, end-to-end solutions. They develop the custom software used to process all the creative work, the tools that providers use to deliver that media, all the server-side systems, and the APIs for many Apple services.

Thanks to Apple's unique integration of hardware, software, and services, engineers here partner to get behind a single unified vision. That vision always includes a deep commitment to strengthening Apple's privacy policy, one of Apple's core values. Although services are a bigger part of Apple's business than ever before, these teams remain small, nimble, and cross-functional, offering greater exposure to the array of opportunities here.

Key Qualifications

  • - Experience driving policy and compliance alignment in an engineering organization.
  • - Ability to develop, document, and maintain clear information security expectations by coalescing security requirements from various disparate sources (e.g. internal policy, external compliance requirements, business risk tolerance).
  • - Familiarity with common security frameworks and standards that bring together industry best practices.
  • - Excellent documentation and interpersonal skills.
  • - Ability to work with a diverse set of teams and drive towards consensus on security requirements.
  • - Develop security metrics of adherence to standards in a way that can provide visibility to management on the current state of security.
  • - Ability to evaluate and reason about business risk in a meaningful way.

Description

This Platform Security Engineer role will be responsible for establishing, maintaining, and communicating impactful security expectations! These expectations should take the form of information security standards and guidelines that address mandatory security requirements (i.e. Apple policy, compliance obligations) and also incorporate common standard methodologies pulled from a variety of industry sources (e.g. NIST CSF, ISO 27001/27002, OWASP SAMM, etc.), with the goal of giving AMP teams a single set of impactful requirements to drive their work. In addition to the development of security standards, this individual should drive guidance and documentation meant to address common security questions and issues to further enable AMP teams to work securely in a self-service manner.

The ideal candidate will have a strong background mapping generic (and sometimes vague) security and compliance obligations to meaningful requirements via clear documentation. Achieving consensus on the requirements will require extensive interaction with the external partners (e.g. Apple Information Security, Apple Privacy/Legal) and internal partners (AMP Security, AMP SRE, AMP engineering) to validate that the requirements meet the relevant security requirements and are impactful/understandable by AMP teams. As appropriate and required, this person should also help formalize security governance processes that ratify and get agreement from AMP management to treat these standards as binding expectations for AMP teams.

This role will also be expected to drive general security and privacy improvements on security projects, as needed!

Education & Experience

At least 5 years in a security engineering or security related role

Experience managing security policy or standards in an enterprise environment

Familiarity with SDLC and the security expectations in an enterprise software engineering environment

Additional Requirements

Posted: 2021-01-03 Expires: 2021-02-02

Before you go...

Our free job seeker tools include alerts for new jobs, saving your favorites, optimized job matching, and more! Just enter your email below.

Share this job:

Apple Media Products - Security Engineer - Standards, Guidance, Documentation

Apple, Inc.
Cupertino, CA 95014

Join us to start saving your Favorite Jobs!

Sign In Create Account
Powered ByCareerCast