Apple's Trusted Execution team in Security Engineering and Architecture builds the security technologies that protect every Apple product at the point of code execution. Our work is the first line of defense in Apple's defense-in-depth strategy, well known in the security community, and constantly evolving. We're a small team with a huge impact. As an engineer joining this team, you would help ensure the integrity of the systems that control what software is authorized to run on Apple hardware — and under what circumstances. These systems span client devices, server infrastructure, and hardware security modules, and your work will require understanding how they interact to enforce security policy end-to-end. You will analyze these systems for security gaps, help define and enforce authorization policies, and build automation and analytics to strengthen oversight and detect anomalies. Successful candidates will be versatile software engineers with a security mindset — able to reason about complex systems, identify threats, and build the right solution whether that means writing a security analysis, automating a process, or contributing code to the operating system. Our environment fosters product innovation, rapid iteration, and the autonomy and support to do your best work. The position will require you to collaborate with and influence teams from several organizations across Apple. As you grow in the role, there will be opportunities to work deeper in the stack, contributing to the operating system security technologies that run on every Apple device. If you have an interest or background in this area, we'd love to hear from you.

Description

Help secure the systems that manage software authorization across Apple's product line. Analyze the security properties of complex, multi-component systems and identify opportunities to strengthen them. Participate in threat modeling and security review of authorization workflows, policies, and access controls. Build automation and analytics to provide continuous security oversight and surface anomalies. Contribute to the design of new authorization strategies that leverage device hardware capabilities and security infrastructure. Work cooperatively with software, hardware, factory, and server teams on technologies and initiatives to improve security and drive the adoption of these technologies across the organization.

Minimum Qualifications

BS in Computer Science, Information Security, or equivalent practical experience Demonstrated ability to learn and reason about complex systems and their security properties Programming proficiency in Python and at least one systems programming language (C, C++, Objective-C, or Swift) Strong communication skills, with the ability to work across teams to drive security outcomes

Preferred Qualifications

Experience with security analysis, threat modeling, or security architecture review Familiarity with applied cryptography concepts (PKI, digital signatures, attestations) Understanding of operating systems internals or systems programming Knowledge of access control principles, including least privilege and role-based access Experience building data pipelines, analytics, or anomaly detection systems Experience building internal tools, dashboards, or productivity automation Self-directed learner who can navigate unfamiliar systems, codebases, and technology stacks — including legacy tools and languages — to get the job done A passion for building pragmatic security solutions and a curiosity to go deeper into the stack

AI can make mistakes. To view the original job title, description and salary, click here.

Software Engineer, Trusted Execution (Security Systems)

Description

Minimum Qualifications

Preferred Qualifications