Security Domain Expert, Perimeter and Network Security, Enterprise Technology Se
Apple, Inc., Sunnyvale, CA, United States
Summary
At Apple, new insights often become revolutionary products, services, and customer experiences very quickly. Bring passion and dedication to your job, and there's no telling what you could accomplish. The Emerging Technologies team within IS&T specializes in building forward‑looking, extremely scalable systems and solutions in two areas: Information Security and general‑purpose, reusable platforms in the space of Integration and Orchestration. The team has a passion for solving challenging problems, exploring new domains, and engineering transformational solutions. We operate with a startup mindset - lean teams, high ownership, and technical leaders who flex across domains to build and scale new capabilities.
Description
The Emerging Technologies team is seeking a Security Domain Expert to serve as the outward face and technical authority of Apple's perimeter and network security platform. You will represent the team across Apple - in architecture forums, security reviews, and leadership briefings - bringing deep expertise in perimeter security, proxy technologies, and threat mitigation to every engagement.
This role requires hands‑on experience with the technologies at the heart of our platform - proxies, origin, edge, application load balancers, service mesh, API & AI security gateways, WAF, DDoS mitigation, bot prevention, TLS termination/origination, and security policy enforcement across protocols (TCP, UDP, HTTP/HTTPS). You will apply that expertise to advise partner teams on how our security capabilities address their traffic and security challenges, and to represent the team's technical perspective in cross‑organizational forums.
You will also serve as the bridge between our engineering team and the broader Apple ecosystem - working directly with application teams to understand their security requirements, synthesizing cross‑team needs to inform platform strategy and roadmap, and translating technical security concepts into clear narratives for leadership. This role spans deep technical engagement with security and infrastructure teams through to executive communication in equal measure.
Minimum Qualifications
Bachelor's degree in Computer Science, Computer Engineering, Cybersecurity, or equivalent technical discipline.
12+ years of experience in security engineering or security architecture, with a strong hands‑on technical foundation.
Deep expertise in perimeter and network security - WAF design, DDoS mitigation strategies, bot detection techniques, TLS/mTLS, TCP/IP, HTTP/HTTPS, and DNS security.
Strong understanding of proxy technologies (NGINX, Envoy, HAProxy) across edge, origin, service mesh, and API gateway tiers - including how security controls are implemented and enforced at the proxy layer.
Experience with security policy enforcement and configuration management across distributed infrastructure at scale.
Familiarity with systems that span on‑premises data centers and public cloud environments (GCP, AWS).
Proven experience representing a security team as a domain authority - in architecture reviews, security forums, executive briefings, and cross‑organizational planning.
Experience working directly with application and infrastructure teams to understand their traffic and security requirements and design integrated solutions.
Ability to communicate complex security topics with equal clarity to engineers and senior leadership.
Track record of influencing security direction and outcomes across organizational boundaries without direct management authority.
Excellent written and verbal communication skills.
Preferred Qualifications
M.S. in Computer Science, Computer Engineering, Cybersecurity, or Information Security.
Experience with proxy engine internals - C, C++, Lua, or WASM‑based customization of NGINX, Envoy, or similar engines for implementing security controls in the runtime data path.
Experience with L4/L7 proxy architectures, protocol‑level security, and load balancing strategies.
Understanding of orchestration/control plane systems for security policy distribution and lifecycle management at fleet scale.
Familiarity with OWASP threat models, CVE analysis, threat landscape trends, and security incident response from an engineering perspective.
Experience with service mesh architectures (Istio, Envoy‑based), API & AI security gateway patterns, and containerization (Kubernetes, Docker).
Knowledge of real‑time threat intelligence distribution and event‑driven security telemetry at scale.
Recognized contributions to the security community - conference talks, published research, open‑source contributions, or patents.
Pay & Benefits
At Apple, base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay range for this role is between $257,400 and $386,300, and your base pay will depend on your skills, qualifications, experience, and location.
Apple employees also have the opportunity to become an Apple shareholder through participation in Apple's discretionary employee stock programs. Apple employees are eligible for discretionary restricted stock unit awards, and can purchase Apple stock at a discount if voluntarily participating in Apple's Employee Stock Purchase Plan. You will also receive benefits including: Comprehensive medical and dental coverage, retirement benefits, a range of discounted products and free services, and for formal education related to advancing your career at Apple, reimbursement for certain educational expenses - including tuition. Additionally, this role might be eligible for discretionary bonuses or commission payments as well as relocation. Learn more about Apple Benefits.
Note: Apple benefit, compensation and employee stock programs are subject to eligibility requirements and other terms of the applicable plan or program.
#J-18808-Ljbffr
At Apple, new insights often become revolutionary products, services, and customer experiences very quickly. Bring passion and dedication to your job, and there's no telling what you could accomplish. The Emerging Technologies team within IS&T specializes in building forward‑looking, extremely scalable systems and solutions in two areas: Information Security and general‑purpose, reusable platforms in the space of Integration and Orchestration. The team has a passion for solving challenging problems, exploring new domains, and engineering transformational solutions. We operate with a startup mindset - lean teams, high ownership, and technical leaders who flex across domains to build and scale new capabilities.
Description
The Emerging Technologies team is seeking a Security Domain Expert to serve as the outward face and technical authority of Apple's perimeter and network security platform. You will represent the team across Apple - in architecture forums, security reviews, and leadership briefings - bringing deep expertise in perimeter security, proxy technologies, and threat mitigation to every engagement.
This role requires hands‑on experience with the technologies at the heart of our platform - proxies, origin, edge, application load balancers, service mesh, API & AI security gateways, WAF, DDoS mitigation, bot prevention, TLS termination/origination, and security policy enforcement across protocols (TCP, UDP, HTTP/HTTPS). You will apply that expertise to advise partner teams on how our security capabilities address their traffic and security challenges, and to represent the team's technical perspective in cross‑organizational forums.
You will also serve as the bridge between our engineering team and the broader Apple ecosystem - working directly with application teams to understand their security requirements, synthesizing cross‑team needs to inform platform strategy and roadmap, and translating technical security concepts into clear narratives for leadership. This role spans deep technical engagement with security and infrastructure teams through to executive communication in equal measure.
Minimum Qualifications
Bachelor's degree in Computer Science, Computer Engineering, Cybersecurity, or equivalent technical discipline.
12+ years of experience in security engineering or security architecture, with a strong hands‑on technical foundation.
Deep expertise in perimeter and network security - WAF design, DDoS mitigation strategies, bot detection techniques, TLS/mTLS, TCP/IP, HTTP/HTTPS, and DNS security.
Strong understanding of proxy technologies (NGINX, Envoy, HAProxy) across edge, origin, service mesh, and API gateway tiers - including how security controls are implemented and enforced at the proxy layer.
Experience with security policy enforcement and configuration management across distributed infrastructure at scale.
Familiarity with systems that span on‑premises data centers and public cloud environments (GCP, AWS).
Proven experience representing a security team as a domain authority - in architecture reviews, security forums, executive briefings, and cross‑organizational planning.
Experience working directly with application and infrastructure teams to understand their traffic and security requirements and design integrated solutions.
Ability to communicate complex security topics with equal clarity to engineers and senior leadership.
Track record of influencing security direction and outcomes across organizational boundaries without direct management authority.
Excellent written and verbal communication skills.
Preferred Qualifications
M.S. in Computer Science, Computer Engineering, Cybersecurity, or Information Security.
Experience with proxy engine internals - C, C++, Lua, or WASM‑based customization of NGINX, Envoy, or similar engines for implementing security controls in the runtime data path.
Experience with L4/L7 proxy architectures, protocol‑level security, and load balancing strategies.
Understanding of orchestration/control plane systems for security policy distribution and lifecycle management at fleet scale.
Familiarity with OWASP threat models, CVE analysis, threat landscape trends, and security incident response from an engineering perspective.
Experience with service mesh architectures (Istio, Envoy‑based), API & AI security gateway patterns, and containerization (Kubernetes, Docker).
Knowledge of real‑time threat intelligence distribution and event‑driven security telemetry at scale.
Recognized contributions to the security community - conference talks, published research, open‑source contributions, or patents.
Pay & Benefits
At Apple, base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay range for this role is between $257,400 and $386,300, and your base pay will depend on your skills, qualifications, experience, and location.
Apple employees also have the opportunity to become an Apple shareholder through participation in Apple's discretionary employee stock programs. Apple employees are eligible for discretionary restricted stock unit awards, and can purchase Apple stock at a discount if voluntarily participating in Apple's Employee Stock Purchase Plan. You will also receive benefits including: Comprehensive medical and dental coverage, retirement benefits, a range of discounted products and free services, and for formal education related to advancing your career at Apple, reimbursement for certain educational expenses - including tuition. Additionally, this role might be eligible for discretionary bonuses or commission payments as well as relocation. Learn more about Apple Benefits.
Note: Apple benefit, compensation and employee stock programs are subject to eligibility requirements and other terms of the applicable plan or program.
#J-18808-Ljbffr