Senior Strategic Risk Manager - Infrastructure

The Apple Services Engineering Security team builds and provides secure systems and infrastructure that fuel Apple’s services (such as iCloud, iTunes, Siri, App Store, and Maps). As part of the ASE Security team, you will help manage the security needs of Apple’s services around the world. You will build and integrate the security controls, guardrails, and frameworks that help protect our customers data in Apple’s infrastructure. Your work will help build solutions to a variety of outstanding security risks to Apple systems and data. Join us, and you’ll play a meaningful role in ensuring the highest standard of security for one of the most-watched companies in the world.In this role, you will work with highly skilled security professionals passionate about identifying, assessing, and mitigating security risks. This role is central to the controls that protect Apple’s customers, data, and brand. You’ll have the opportunity to design security processes and technology with a truly global impact. Combining aspects of solutions engineering, design review, architecture, analysis and technical program management you will help identify and surface risks, and then help develop short and long term roadmaps to address it. You will play a hands on role in ensuring that programs are reviewed, adjusted, implemented and tested appropriately.Help define a strategy and vision for uplifting security in critical services\\nLead discovery conversations to understand architecture, current security posture, and blockers to adoption\\nMeasure and communicate risks to leaders and stakeholders\\nDevelop and implement AI technologies to manage risk\\nPerform post-incident reviews\\nResearch and identify emerging technologies, threats, and vulnerabilities to proactively define security requirements and controls before they reach production.BS in Computer Science, Computer Engineering, or Information Security, or 5+ years of equivalent hands-on experience\\nKnowledge of security architecture and secure design principles\\nDemonstrated ability to design, document, and implement new security processes.\\nExperience conducting security assessments of complex distributed systems, cloud-native applications, and large-scale infrastructure\\nAn understanding of past, current, and emerging security exploit trends\\nUnderstanding of exploit development and conditions required to trigger different vulnerability typesExperience evaluating and building threat models for complex services\\nExperience applying AI/ML techniques to analyze CVEs and prioritize high-risk vulnerabilities.\\nExperience working with data engineers to define metrics and interpret results from detection and risk models.\\nKnowledge of authentication mechanisms, including OAuth, SAML, and other identity management protocols