Apple Information Security is seeking an experienced security engineering manager to lead the Vulnerability Response team across the United States and EMEIA regions. Apples external perimeter spans thousands of services relied upon by billions of users worldwide and this team is responsible for continuously identifying analyzing and remediating vulnerabilities across that surface. You will combine hands-on technical leadership with people management overseeing programs that include subcomponents of Apples bug bounty program proactive vulnerability discovery WAF rule development emerging threat response and custom securityntooling. nnYou will play a critical role in protecting Apples services and customers by ensuring timely and thorough response to security risks fostering engineering excellence and driving strategic initiatives that strengthen Apples overall security posture. This role is both strategic and operational requiring deep technical expertise strong leadership and the ability to manage a geographically distributed team operating in a continuous response environment.
As a manager on the Vulnerability Response team you will lead the day-to-day operations of security engineers across the US and EMEIA regions as well as oversee resources providing around-the-clock support. You will set team priorities drive execution across multiple concurrent programs and ensure operational continuity for a function that requires uninterrupted coverage. This includes direct participation in on-call escalation rotations hands-on technical contributions such as penetration testing variant analysis security tool development and strategic planning to evolve the teams capabilities over will partner closely with teams across Apple to ensure coordinated and effective vulnerability response. You will represent the team in cross-functional forums advocate for security improvements with engineering leadership and contribute to the development of policies processes and tooling that scale the teams impact. You will also maintain the professional standards and reputation through oversight of researcher engagementnvulnerability adjudication and program communications.
Team Leadership: Lead mentor and grow a geographically distributed team of security engineers across the US and EMEIA regions. Set goals support professional development and oversee resources providing around-the-clock Tier 1 Response Operations: Own the teams continuous vulnerability response function including on-call escalation emerging threat and zero-day assessment and coordination of rapid remediation efforts across Apples external Discovery and Remediation: Drive proactive security assessment programs including penetration testing variant analysis and large-scale scanning initiatives to identify and remediate vulnerabilities before they are discovered or exploited by external Program Management: Manage the lifecycle of external researcher engagement report validation risk assessment and remediation Tooling and Automation: Guide the development and maintenance of custom security tools and automation that support vulnerability detection analysis and remediation tracking at scale including the application of emerging technologies to increase operational -Functional Collaboration: Serve as a trusted security advisor to engineering product and leadership teams partnering across security and infrastructure organizations to align vulnerability response priorities with broader security objectives and drive adoption of security improvements.
8 years of experience in information security with demonstrated expertise in vulnerability management web application penetration testing and incident response for large-scale internet-facing services including 3 years of people management experience leading and developing teams of security technical proficiency in web application security including hands-on experience identifying and remediating common vulnerability classes and software development skills in one or more of Python Go or managing or contributing to a vulnerability disclosure or bug bounty program including researcher engagement vulnerability validation and coordinated disclosure with vulnerability scanning tools and methodologies at enterprise scale including both commercial and open-source ability to manage geographically distributed teams across multiple time zones with willingness to participate in on-call rotations including weekends as part of a tiered escalation written and verbal communication skills with the ability to articulate complex security issues and risk to both technical and non-technical audiences.
Bachelors degree in Computer Science Information Security or a related field or equivalent professional with cloud-native architectures WAF technologies and DNS security disciplines with the ability to assess security implications across modern deployment and infrastructure in applying AI and machine learning techniques to security operations including automated analysis classification or remediation industry certifications such as CISSP OSCP OSCE GPEN or equivalent are helpful but not required.
Required Experience:
Manager
Apple Information Security is seeking an experienced security engineering manager to lead the Vulnerability Response team across the United States and EMEIA regions. Apples external perimeter spans thousands of services relied upon by billions of users worldwide and this team is responsible for cont...
Apple Information Security is seeking an experienced security engineering manager to lead the Vulnerability Response team across the United States and EMEIA regions. Apples external perimeter spans thousands of services relied upon by billions of users worldwide and this team is responsible for continuously identifying analyzing and remediating vulnerabilities across that surface. You will combine hands-on technical leadership with people management overseeing programs that include subcomponents of Apples bug bounty program proactive vulnerability discovery WAF rule development emerging threat response and custom securityntooling. nnYou will play a critical role in protecting Apples services and customers by ensuring timely and thorough response to security risks fostering engineering excellence and driving strategic initiatives that strengthen Apples overall security posture. This role is both strategic and operational requiring deep technical expertise strong leadership and the ability to manage a geographically distributed team operating in a continuous response environment.
As a manager on the Vulnerability Response team you will lead the day-to-day operations of security engineers across the US and EMEIA regions as well as oversee resources providing around-the-clock support. You will set team priorities drive execution across multiple concurrent programs and ensure operational continuity for a function that requires uninterrupted coverage. This includes direct participation in on-call escalation rotations hands-on technical contributions such as penetration testing variant analysis security tool development and strategic planning to evolve the teams capabilities over will partner closely with teams across Apple to ensure coordinated and effective vulnerability response. You will represent the team in cross-functional forums advocate for security improvements with engineering leadership and contribute to the development of policies processes and tooling that scale the teams impact. You will also maintain the professional standards and reputation through oversight of researcher engagementnvulnerability adjudication and program communications.
Team Leadership: Lead mentor and grow a geographically distributed team of security engineers across the US and EMEIA regions. Set goals support professional development and oversee resources providing around-the-clock Tier 1 Response Operations: Own the teams continuous vulnerability response function including on-call escalation emerging threat and zero-day assessment and coordination of rapid remediation efforts across Apples external Discovery and Remediation: Drive proactive security assessment programs including penetration testing variant analysis and large-scale scanning initiatives to identify and remediate vulnerabilities before they are discovered or exploited by external Program Management: Manage the lifecycle of external researcher engagement report validation risk assessment and remediation Tooling and Automation: Guide the development and maintenance of custom security tools and automation that support vulnerability detection analysis and remediation tracking at scale including the application of emerging technologies to increase operational -Functional Collaboration: Serve as a trusted security advisor to engineering product and leadership teams partnering across security and infrastructure organizations to align vulnerability response priorities with broader security objectives and drive adoption of security improvements.
8 years of experience in information security with demonstrated expertise in vulnerability management web application penetration testing and incident response for large-scale internet-facing services including 3 years of people management experience leading and developing teams of security technical proficiency in web application security including hands-on experience identifying and remediating common vulnerability classes and software development skills in one or more of Python Go or managing or contributing to a vulnerability disclosure or bug bounty program including researcher engagement vulnerability validation and coordinated disclosure with vulnerability scanning tools and methodologies at enterprise scale including both commercial and open-source ability to manage geographically distributed teams across multiple time zones with willingness to participate in on-call rotations including weekends as part of a tiered escalation written and verbal communication skills with the ability to articulate complex security issues and risk to both technical and non-technical audiences.
Bachelors degree in Computer Science Information Security or a related field or equivalent professional with cloud-native architectures WAF technologies and DNS security disciplines with the ability to assess security implications across modern deployment and infrastructure in applying AI and machine learning techniques to security operations including automated analysis classification or remediation industry certifications such as CISSP OSCP OSCE GPEN or equivalent are helpful but not required.
Ask Siri to name the most successful company in the world and it might respond: Apple. And it's not just out of familial pride. Apple consistently ranks highly in profit, revenue, market capitalization, and consumer cachet. In 2018, the company became the first reach a trillion dollar
... View more