Apple is a place where extraordinary people gravitate to do their life's best work. Together we craft products and experiences people once couldn't have imagined - and now can't imagine living without. The Apple Services Engineering (ASE) team builds and provides systems and infrastructure that fuel Apple's services (such as Apple TV, App Store, Apple Music, Apple Fitness, i Cloud, Siri, and Maps). We are the foundation on which Apple's software developers build the products that our customers love. Our services have to scale globally, stay highly available, and meet the high security expectations for our billions of customers.

The Security team within ASE is seeking a highly skilled and hands-on IAM Architect to design, implement, and optimize our Identity and Access Management (IAM) systems. This role requires deep technical expertise in IAM frameworks, authentication protocols, and access control mechanisms. The ideal candidate will be able to apply industry-leading security practices, build and execute identity and access management governance program, as well as drive seamless, secure access across the organization.

Description

Scaling and transforming systems in a safe and secure way requires experience and a deep understanding of how applications are built, deployed, and operated. In this role, you will work closely with stakeholders, engineers, product and program managers, and executives to charter a IAM unification strategy that includes all compute, storage, network, data warehouse, business operations, business applications, and beyond.","responsibilities":"Lead the design and implementation of scalable IAM infrastructure components ranging from hardware root identity, cryptographic chain of trusts, and fine grain access control.

Architect and integrate authentication and authorization frameworks (ACL, RBAC, ABAC, Zero Trust).

Collaborate with security, engineering, and product teams to align IAM strategies with business needs.

Write, present, and communicate to senior executives the principles and benefits of IAM.

Lead multiple engineering teams to secure and timely solutions.

Contribute code to demonstrate POCs.

Apply GenAI to achieve better quality, security, and time to market.

Preferred Qualifications

Strong knowledge of privileged access management (PAM) and identity governance solutions

Working knowledge of Kubernetes ecosystem

Understanding of resource level authorization approaches at scale

Understanding of networking security controls and techniques for network isolation

Understanding of TPM, Hardware Root of Trust, PKI, UEFI Secure Boot, Measured Boot and security attestation architecture for hardware and workload identity provisioning

Understanding of Linux security subsystems (SELinux, BPF, IPC, etc.)

Experience with security frameworks (NIST, ISO 27001, SOC 2) and regulatory requirements

Proven experience leveraging GenAI

Minimum Qualifications

15+ years of experience in Identity and Access Management (IAM) architecture and engineering

Proven hands on experience building reliable web-scale policy-based Authentication and Authorization solutions

Proficiency in one or more programming languages (Golang, Java, Swift)

Experience with cloud-based IAM (AWS IAM, Azure AD, Google Cloud Identity)

Apple is an equal opportunity employer that is committed to inclusion and diversity. We seek to promote equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant .

Pay & Benefits

At Apple, base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay range for this role is between $201,300 and $367,400, and your base pay will depend on your skills, qualifications, experience, and location.

Apple employees also have the opportunity to become an Apple shareholder through participation in Apple's discretionary employee stock programs. Apple employees are eligible for discretionary restricted stock unit awards, and can purchase Apple stock at a discount if voluntarily participating in Apple's Employee Stock Purchase Plan. You'll also receive benefits including: Comprehensive medical and dental coverage, retirement benefits, a range of discounted products and free services, and for formal education related to advancing your career at Apple, reimbursement for certain educational expenses - including tuition. Additionally, this role might be eligible for discretionary bonuses or commission payments as well as relocation. Learn more about Apple Benefits.

Note: Apple benefit, compensation and employee stock programs are subject to eligibility requirements and other terms of the applicable plan or program.