About the role
Summary
The people here at Apple don’t just craft products — they build the kind of wonder that revolutionizes entire industries. It’s the diversity of those people and their ideas that inspires the innovation that runs through everything we do, including our approach to security. Join Apple, and help us protect the services that billions of customers rely on every day. The Detection team within Apple Services Engineering (ASE) is responsible for building advanced detections that protect approximately three-quarters of Apple’s systems and services. We achieve this by partnering closely with engineering teams to develop a deep technical understanding of how these systems operate, along with a comprehensive grasp of the threat landscape. This allows us to build state-of-the-art security detections that proactively defend against real-world attacks. We’re looking for a Detection Creation Engineer who combines deep security intuition with technical implementation skills. In this role, you’ll craft detection logic that catches active malicious activity across Apple’s infrastructure. You’ll need to think like an attacker, understand how malicious behaviors manifest in telemetry data, and translate that knowledge into high-fidelity detections that protect our customers. This is a hands-on technical role where you’ll write detection code in Scala Spark (Databricks notebooks) and configuration files for on-host detection systems (such as Falco rules). While we don’t require prior Scala experience, we do expect strong programming fundamentals and the curiosity to dive deep into new technologies. If you’re passionate about understanding attacker tradecraft and translating that knowledge into defensive capabilities, we’d love to hear from you!
Description
As a Detection Creation Engineer on the ASE Detection Team, you will:
- Develop security detections that identify active malicious activity across Apple’s services and infrastructure, implementing detection logic in Scala Spark (Databricks) and on-host detection frameworks (Falco rules)
- Analyze attacker behaviors and translate them into observable patterns across diverse telemetry sources, including system call events, network logs, database access logs, endpoint security telemetry, Kubernetes audit logs, and other security-relevant data sources
- Collaborate with engineering teams to understand system architectures, identify detection opportunities, and develop detections that are both high-fidelity and operationally sustainable
- Tune and optimize detections based on real-world alert data, reducing false positives while maintaining coverage of malicious behaviors
- Operationalize detections by working with security operations teams to ensure alerts are actionable, triaged efficiently, and integrated into incident response workflows
- Document detection logic and rationale to enable knowledge sharing across the security organization
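An added illustration of the workflow described above (this is not code from the posting or from Apple's detection team): a small detection over constructed kube-apiserver audit events that flags `pods/exec` requests by identities that are not known automation, together with the two tuning steps a first version of such a rule usually needs, suppressing the duplicate per-stage audit records and allowlisting known automation principals. It is written in Python rather than the Scala Spark the role uses, since the row-level logic is the same; the sample events, service-account name, namespaces and IP addresses are all assumptions.

```python
import json
from urllib.parse import parse_qs, urlparse

# Constructed sample of kube-apiserver audit events in the audit.k8s.io/v1
# shape. These are made-up records for illustration, not real telemetry;
# identities, namespaces and IPs are assumptions.
SAMPLE_AUDIT_LOG = """
{"kind":"Event","stage":"ResponseStarted","verb":"create","user":{"username":"system:serviceaccount:ci:deploy-bot"},"sourceIPs":["10.0.5.20"],"objectRef":{"resource":"pods","namespace":"payments","name":"api-7d9f","subresource":"exec"},"requestURI":"/api/v1/namespaces/payments/pods/api-7d9f/exec?command=sh&command=-c&command=migrate&stdin=false&tty=false"}
{"kind":"Event","stage":"ResponseComplete","verb":"create","user":{"username":"system:serviceaccount:ci:deploy-bot"},"sourceIPs":["10.0.5.20"],"objectRef":{"resource":"pods","namespace":"payments","name":"api-7d9f","subresource":"exec"},"requestURI":"/api/v1/namespaces/payments/pods/api-7d9f/exec?command=sh&command=-c&command=migrate&stdin=false&tty=false"}
{"kind":"Event","stage":"ResponseStarted","verb":"create","user":{"username":"alice@example.com"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"pods","namespace":"payments","name":"api-7d9f","subresource":"exec"},"requestURI":"/api/v1/namespaces/payments/pods/api-7d9f/exec?command=%2Fbin%2Fbash&stdin=true&tty=true"}
{"kind":"Event","stage":"ResponseComplete","verb":"create","user":{"username":"alice@example.com"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"pods","namespace":"payments","name":"api-7d9f","subresource":"exec"},"requestURI":"/api/v1/namespaces/payments/pods/api-7d9f/exec?command=%2Fbin%2Fbash&stdin=true&tty=true"}
{"kind":"Event","stage":"ResponseComplete","verb":"get","user":{"username":"alice@example.com"},"sourceIPs":["203.0.113.7"],"objectRef":{"resource":"pods","namespace":"payments","name":"api-7d9f"},"requestURI":"/api/v1/namespaces/payments/pods/api-7d9f"}
{"kind":"Event","stage":"ResponseComplete","verb":"create","user":{"username":"bob@example.com"},"sourceIPs":["10.20.0.14"],"objectRef":{"resource":"pods","namespace":"dev","name":"scratch-1","subresource":"exec"},"requestURI":"/api/v1/namespaces/dev/pods/scratch-1/exec?command=cat&command=%2Fetc%2Fhostname&stdin=false&tty=false"}
"""

# Tuning knobs (assumed values). Allowlisting known automation identities is
# the usual first false-positive reduction for pods/exec: an explicit,
# reviewable exception rather than a silent threshold.
ALLOWLISTED_PRINCIPALS = {"system:serviceaccount:ci:deploy-bot"}
SHELLS = {"sh", "bash", "zsh", "dash", "ash"}


def parse_audit_log(text):
    """Parse JSON-lines audit output, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a production pipeline would count these, not drop them silently
    return events


def exec_details(event):
    """Return (command argv, interactive?) for a pods/exec request, else None."""
    ref = event.get("objectRef") or {}
    if not (event.get("verb") == "create" and ref.get("resource") == "pods"
            and ref.get("subresource") == "exec"):
        return None
    query = parse_qs(urlparse(event.get("requestURI", "")).query)
    argv = query.get("command", [])  # 'command' repeats once per argv element
    interactive = query.get("tty", ["false"])[0] == "true"
    return argv, interactive


def detect_pod_exec(events):
    """Alert on pods/exec by non-allowlisted identities.

    Only ResponseComplete records are considered: the API server emits one
    record per stage for the same request, so alerting on every stage would
    double the alert volume and distort false-positive measurements.
    """
    alerts = []
    for ev in events:
        if ev.get("stage") != "ResponseComplete":
            continue
        details = exec_details(ev)
        if details is None:
            continue
        argv, interactive = details
        user = (ev.get("user") or {}).get("username", "<unknown>")
        if user in ALLOWLISTED_PRINCIPALS:
            continue
        ref = ev["objectRef"]
        binary = argv[0].rsplit("/", 1)[-1] if argv else ""
        # An interactive shell is the classic hands-on-keyboard signal; a
        # one-shot non-shell command is still worth seeing, at lower severity.
        severity = "high" if (interactive and binary in SHELLS) else "medium"
        alerts.append({
            "rule": "k8s_pod_exec_by_non_automation_identity",
            "severity": severity,
            "user": user,
            "source_ip": (ev.get("sourceIPs") or ["?"])[0],
            "target": f"{ref.get('namespace')}/{ref.get('name')}",
            "command": " ".join(argv),
        })
    return alerts


def run_sample():
    """Run the detection over the constructed sample and return the alerts."""
    return detect_pod_exec(parse_audit_log(SAMPLE_AUDIT_LOG))


if __name__ == "__main__":
    for alert in run_sample():
        print(json.dumps(alert))
```

On the sample, the six records produce two alerts: the interactive `/bin/bash` by `alice@example.com` (high) and the one-shot `cat /etc/hostname` by `bob@example.com` (medium). The deploy-bot exec is dropped by the allowlist and the `ResponseStarted` records by the stage filter, which is the kind of tuning the duties above describe: each suppression is a named, documented decision that can be revisited when the alert data changes.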
Minimum Qualifications
- 5+ years of experience in security detection, threat hunting, incident response, penetration testing, red teaming, or related security disciplines
- Demonstrated understanding of real attacker behaviors, tactics, and techniques
- Proficiency in at least one programming language (Python, Scala, Java, Go, or similar), with the ability and willingness to learn Scala
- Bachelor’s degree in Computer Science, Cybersecurity, Engineering, Information Systems, or a related field, or equivalent professional experience
- Experience analyzing security telemetry data to identify malicious activity or anomalous behaviors
Preferred Qualifications
- Prior experience writing detections in Scala, Python, or other languages for large-scale data processing systems
- Experience with Apache Spark, Databricks, or similar large-scale distributed compute frameworks
- Hands-on experience with on-host detection rules engines (Falco or similar)
- Deep technical expertise in one or more areas: Linux system internals, network protocols, web application security, container/Kubernetes security, or cloud infrastructure
- Experience with multiple security-relevant telemetry sources: system call traces (network, process, file), endpoint detection and response (EDR) data, network traffic analysis, application logs, database audit logs, cloud provider audit logs
- Understanding of evasion techniques and how attackers attempt to avoid detection
- Contributions to open-source security projects or published research on detection techniques
- Experience with detection engineering at scale, including managing false positive rates and detection tuning methodologies
Aplyr's read
Apple is a tech giant known for its sleek design and innovation, attracting top talent in engineering, design, and business operations.
What's promising
- Apple consistently leads in tech innovation with a strong focus on design and user experience.
- The company's global brand recognition offers employees a prestigious platform for career growth.
- Apple's robust ecosystem integrates hardware, software, and services, creating diverse job opportunities.
What to watch
- High-pressure work environment with demanding deadlines can impact work-life balance.
- Apple's secretive culture may limit transparency and cross-departmental communication.
- Dependence on hardware sales makes the company vulnerable to market saturation risks.
Why Apple
- Apple's design philosophy emphasizes simplicity and elegance, setting it apart in the tech industry.
- The company has a unique retail presence, with its own stores enhancing the customer experience.
- Apple's closed ecosystem creates a seamless integration across its products, unmatched by competitors.
Aplyr’s read is generated by AI from public sources.
About Apple
Apple Inc. is a leading technology company known for its innovative consumer electronics, software, and services. The company designs and manufactures products such as the iPhone, iPad, Mac computers, and wearables, significantly influencing the tech industry and consumer behavior worldwide.