Security Researcher Offensive Tooling H/F apple

Détail du poste

As part of Apple's Security Engineering & Architecture (SEAR) organization, you'll join our mission to create the world's most secure products. We are committed to building groundbreaking tools that enable our security researchers to delve deep into our numerous codebases and frameworks to identify any security concerns efficiently. We are seeking a motivated individual to explore and improve our offensive security capabilities with a strong emphasis on designing and developing state-of-the-art tools using a broad range of analysis approaches. You will collaborate closely with an extraordinary team of vulnerability researchers to gain a deep understanding of the attack surface across Apple's full stack - from silicon and boot ROMs to firmware, kernels, and user applications. As the primary focus, you will design, develop, maintain, and enhance our security analysis tools. Using a wide range of static and dynamic techniques on both source code and binaries, you will create and contribute to innovative solutions for very targeted issues, and scalable solutions to efficiently analyze sophisticated systems. Your work will directly amplify the team's impact on variant analysis or regression prevention, and will empower researchers with ground breaking methods and automation for streamlined vulnerability finding. You will also partner directly with researchers to apply offensive tooling to real-world security assessments. This hands-on application will demonstrate tools effectiveness and provide valuable feedback for continuous improvement. Your contributions will directly impact our ability to proactively secure Apple products.
- Strong programming skills (C/C++, Python, Swift/Rust).
- Proven experience in security-oriented tool development, extension and real-world usage (static/dynamic approaches, source/binary analysis).
- Autonomous drive and collaborative approach.
- Experience with reverse engineering tools and methodologies.
- Experience with DEVOPS and related environments.
- Low-level understanding of security mitigations deployed in at least one major operating system.