Lead Engineering and Security Auditor

Summary

Posted: Mar 1, 2025
Weekly Hours: 40
Role Number:200591527

Apple is a place where extraordinary people gather to do their best work. If you’re excited by the idea of making a real impact, a career with Apple might be your dream job—just be prepared to dream big! As a highly skilled individual with broad experience in evaluating technology risk areas from multiple perspectives, you are passionate about executing projects and proposing thoughtful and practical solutions as recommendations. You are a motivated individual and are skilled at navigating complex environments both technically and organizationally to get quality projects done. If you are a highly motivated self-starter who thrives in ambiguity and dynamic environments, then you should consider joining us.

Description

The Internal Audit Department is seeking a Lead Engineering and Security Auditor who possesses a broad and diverse skillset to lead complex audit projects and assessments from start to finish. In this role, you will leverage your experience and expertise to actively identify risk areas and be a key contributor to the development of our plan. You will also play a crucial role in scoping, executing, and delivering a portfolio of technical projects. This is a high-visibility role on a small team that will provide you an opportunity to contribute to the organization’s control environment while also gaining exposure to many business areas.

Minimum Qualifications

• 10+ years experience in performing highly technical audits/assessments or leading or developing technical risk and compliance programs for engineering and security organizations.
• Bachelor’s degree in Computer Science, Engineering, or related discipline, or commensurate experience

Preferred Qualifications

• Ability to get things done, experience in delivering end-to-end projects timely with a high degree of quality. Proven ability to work well on a team, as well as independently, with limited supervision.
• Self-starter, exceptionally curious, can navigate ambiguity and challenges consistently, adapts well to change, and enjoys working in a dynamic environment.
• Highly collaborative. You possess a strong ability to work collaboratively as a member of the team and with cross-functional partners on detail oriented projects.
• Effective at seeing around corners and identifying/anticipating risk areas and the ability to navigate the organization to trigger thoughtful conversations
• Excellent project management and organizational skills.
• Ability to develop and deliver effective presentations to audiences and tailoring the message to the appropriate level, excellent communication skills, and ability to clearly articulate the impact of technical details to non-technical audiences.
• Advanced knowledge and hands on experience in the operation of technology practices and controls, including but not limited to: applications and infrastructure, threat and vulnerability assessments, change management, release management, access management, data center operations, third party cloud, asset management, networks and firewalls, data privacy, artificial intelligence and machine learning, databases, business continuity, disaster recovery, third party risk management, and emerging risk areas.
• Demonstrated proficiency in conducting reviews (e.g., audits, assessments, etc.) of highly technical areas including current/emerging technologies and key components of technology solutions such as networks, firewalls, operating systems, applications, databases, cloud services, data and information security, infrastructure, third party risk management, etc.
• Significant experience with public/private/hybrid cloud concepts (e.g, GCP, AWS), IaaS, PaaS and SaaS Services (compute, storage, network, security, administration, automation, application services, databases) in either native cloud or hybrid-cloud environments.
• Understanding of key infrastructure including micro-services architectures, Git, Infrastructure-as-a-code, Kubernetes, CI/CD frameworks.
• Advanced knowledge and experience with compliance and regulatory standards (e.g., DMA, DSA, PCI, ISO, Sarbanes Oxley, SOC 1, SOC 2, HIPAA, GDPR, etc.). Ability to understand new regulatory standards and develop approaches to evaluating compliance against these standards and frameworks.
• Experienced in utilizing large scale data environments to develop analytics or methods for monitoring risk areas and evaluating control performance. Experience in developing scaleable continuous monitoring solutions is highly preferred.
• Knowledge and understanding of software engineering languages (e.g., Python, SQL).
• SAP knowledge and experience is a plus.
• CISSP and CISA certifications are preferred but not required.

• Apple is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant.