Apple Services Engineering (ASE) team is one of the most exciting examples of Apple's long-held passion for combining art and technology! We enable Apple's apps and services, and we do it on an extensive scale, to hundreds of millions of customers in over 35 languages to more than 150 countries. The ASE Security team is seeking an experienced Security Engineering Program Manager to help manage and scale our Offensive Security Team (Red Team). Within ASE you will work with and influence colleagues across Apple to proactively identify security risks and ensure that offensive security findings drive meaningful improvements across our software and development processes. As our work is integral through the entire software stack, you will have the opportunity to work with a wide variety of engineering teams across Apple. We cultivate strong relationships, build trust, and influence without direct authority. We communicate openly and clearly, collaborate enthusiastically, and value a diverse culture of healthy debate. Do these points resonate with you? If so, we want to talk!

Description

As a Security Engineering Program Manager in ASE, you are both a technical and functional expert in the world of offensive security and adversarial testing at scale. While working directly with ASE's red team and engineering partners, you will identify opportunities to strengthen our security posture through targeted adversarial exercises and simulation. This will include driving the end-to-end planning and execution of red team engagements, managing remediation tracking, and working with service owners to develop innovative solutions to complex security challenges. You will be responsible for identifying, planning, and delivering program security outcomes by independently engaging a broad set of stakeholders.","responsibilities":"Operationalize key cross-functional offensive security initiatives and programs that require security domain, systems, and engineering-level knowledge.

Manage cross-functional dependencies, risks, and changes effectively by optimizing scope, schedule, and resources accordingly.

Create project plans which deliver consistency, clarity, and build alignment across teams.

Help influence peers and stakeholders and build consensus while dealing with ambiguity.

Develop and own communication plans to effectively and proactively communicate program status, engagement outcomes, and risks to stakeholders.

Define and report on program health, success metrics, and active progress of red team engagements and remediation efforts.

Leverage data to drive strategic decisions and prioritization at the leadership level.

Preferred Qualifications

Proven history of building or scaling an offensive security or red team program.

Prior hands-on experience in a penetration testing, red team, or security engineering role.

Experience with cloud security and cloud-based attack surfaces.

Risk Management Skills: Ability to identify, assess, and prioritize security risks surfaced through offensive testing, and communicate appropriate remediation strategies to protect organizational assets.

Build Trust and Influence: Experience fostering collaboration and influencing stakeholders without direct authority to achieve program objectives.

Communication Skills: Ability to convey complex technical information to both technical and non-technical stakeholders, ensuring clarity and alignment.

Analytical and Problem-Solving Abilities: Strong analytical skills to assess complex security challenges and develop innovative solutions to address them.

Drive What Matters: Able to focus and simplify, balancing the details with goals, priorities, and trade-offs in mind.

Minimum Qualifications

5+ years of experience managing projects or programs in the field of security.

2+ years of experience working in offensive security, red team operations, or penetration testing.

Project Management Expertise: Proficiency in managing complex projects, including defining scopes, setting timelines, and coordinating cross-functional teams to ensure timely and successful delivery.

Technical Proficiency: A solid understanding of software development, systems engineering, or related technical fields to effectively oversee offensive security programs and engage credibly with red team engineers.

Offensive Security Fluency: Working knowledge of red team operations, penetration testing methodologies, adversary simulation, and common attack frameworks such as MITRE ATT&CK.

BS in Computer Science or related technical field or relevant industry experience

Apple is an equal opportunity employer that is committed to inclusion and diversity. We seek to promote equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant .

Pay & Benefits

At Apple, base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay range for this role is between $163,300 and $290,100, and your base pay will depend on your skills, qualifications, experience, and location.

Apple employees also have the opportunity to become an Apple shareholder through participation in Apple's discretionary employee stock programs. Apple employees are eligible for discretionary restricted stock unit awards, and can purchase Apple stock at a discount if voluntarily participating in Apple's Employee Stock Purchase Plan. You'll also receive benefits including: Comprehensive medical and dental coverage, retirement benefits, a range of discounted products and free services, and for formal education related to advancing your career at Apple, reimbursement for certain educational expenses - including tuition. Additionally, this role might be eligible for discretionary bonuses or commission payments as well as relocation. Learn more about Apple Benefits.

Note: Apple benefit, compensation and employee stock programs are subject to eligibility requirements and other terms of the applicable plan or program.