SaaS and Cloud Security Assessment Engineer, Information Security


Weekly Hours: 40
Role Number: 200255682
This position can be located in Santa Clara Valley (CA) or Seattle (WA). Apple is seeking a Software-as-a-Service (SaaS) and Cloud Security Assessment Engineer within the Supplier Trust Program to join our Information Security team! We are looking for an experienced security professional who is passionate and knowledgeable about SaaS, Cloud, and Web Security. The person in this role will bring new insights and strategy to a newly established program and is forward-looking with “creative” thinking. This position will be responsible for conducting security assessments on 3rd Party SaaS products and Cloud-based services, as well as ensuring secure implementation of these products and services. There is also overlap with infrastructure-level Cloud Security Assessments.

  • 5+ years of work experience with Web Application/SaaS Security and Public Cloud (i.e., AWS, GCP, Azure) Security.
  • 3+ years of experience evaluating system architectural designs, data flows, and technical security implementations, especially for SaaS Applications and Systems hosted on cloud platforms.
  • 5+ years of work experience conducting information security consulting engagements.
  • Experience engaging with both third-parties and internal customers regarding security.
  • In-depth knowledge of the security assessment processes and lifecycle with the ability to identify potential improvement areas and gaps in existing processes.
  • In-depth knowledge identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
  • Threat Modeling and Design Reviews.
  • Solid understanding of Application Security, Network Security, Crypto, and Identity Management.
  • In-depth knowledge of Application and Cloud Security industry standards, trends, threats, vulnerabilities, and technology frameworks.
  • Excellent written and oral communication skills, including experience communicating to both technical and non-technical audiences.

  • This is not a “check-the-box” focused role; this position requires a broad mix of technical expertise and discernment coupled with polished communication to ensure Apple is adopting and implementing SaaS and Cloud-based services which meet our unique security requirements and standards.
  • Work with internal and external partners to independently perform security assessments to deliver security assurance on third-party SaaS applications, with potential for Cloud-level security assessments.
  • Conduct security architecture review of Third-Party SaaS applications built on cloud and emerging technologies.
  • Provide clear and detailed risk assessment and remediation guidelines for Third-Party Suppliers and Apple business teams.
  • Report underlying security issues and propose enhanced security protections and/or counter-measures.
  • Develop and innovate our Supplier Security Strategy to ensure Apple works with the most mature and secure Suppliers available.
  • Author and maintain Third Party security standards and guidelines.
  • Research new and emerging threats to ensure Apple’s assessment methodology is keeping pace with security trends.
  • Deliver program enhancements including automation, assessment tooling, and penetration testing.
  • Provide guidance to prospective Suppliers on Apple security requirements, including remediation and potential feature enhancements.
  • Execute security design and implementation review of onboarded 3rd Party SaaS Applications and web-services throughout the Supplier lifecycle.
  • Partner with procurement and legal to enhance Third Party security agreements and contracts.

Bachelor’s Degree or equivalent work experience

Nice to have(s):
  • Experience in Supply Chain risk management.
  • Hands-on experience with Penetration Testing of Web applications, SaaS products, and/or Cloud environments.
  • Contributions to the security community such as research, published CVEs, bug-bounty recognitions, open-source projects, blogs or publications.
  • Industry Certifications such as GWAPT, GPEN, GCPN, OSWE.
  • Independently perform risk-based security assessment of Apple Third-Party SaaS providers.
