Build Security Engineer

Summary Apple is where individual imaginations gather together, committing to the values that lead to great work. Every new product we build, service we create, or Apple Store experience we deliver is the result of us making each other's ideas stronger. That happens because every one of us shares a belief that we can make something wonderful and share it with the world, changing lives for the better. It's the diversity of our people and their thinking that inspires the innovation that runs through everything we do. When we bring everybody in, we can do the best work of our lives. Here, you'll do more than join something - you'll add something. Software is often referred to as the \"soul\" of Apple's products. This role sits at the intersection of security and software engineering, with direct responsibility for protecting the systems and infrastructure used to manage, build, and distribute Apple's software. The Build Security Engineer will conduct threat modeling and security assessments, partner with engineering teams to uphold security standards, and develop technical solutions that strengthen Apple's build infrastructure security posture end to end. Description The Build Security Engineer is a key contributor to the security of Apple's software supply chain. This role requires deep technical security expertise applied across threat modeling, offensive security assessments, and the development of security controls - all in close collaboration with the engineering teams who build and maintain Apple's most critical software infrastructure. The role also involves creating documentation, mentoring teammates, and staying current with the evolving threat landscape to proactively address risk. Minimum Qualifications 3+ years of experience in cybersecurity, with hands-on experience in threat modeling, security assessments, or penetration testing Experience in a software engineering or security operations role Experience with scripting or programming languages such as Python or Bash Experience working cross-functionally with engineering teams on security requirements or controls Preferred Qualifications Experience conducting penetration testing or red team exercises, particularly targeting build pipelines or software supply chain components Experience leveraging LLMs safely to accelerate various security workflows Experience with container orchestration platforms such as Kubernetes Proficiency in additional programming languages such as Go (Golang) or Perl Familiarity with cybersecurity frameworks and standards (e.g., NIST, CIS, SLSA) Experience mentoring engineers or junior security team members on security concepts and best practices Track record of identifying and driving remediation of vulnerabilities in complex software environments Strong written and verbal communication skills with the ability to present technical findings to varied audiences Security certifications such as OSCP or CISSP