Security tooling - Senior Software Engineer

Confirmed live in the last 24 hours

Apple

Main Place

On-site

Posted April 1, 2026

Job Description

Summary

As part of Apple's Security Engineering & Architecture (SEAR) organization, you'll join our mission to create the world's most secure products. We are committed to creating groundbreaking tools that enable security researchers to delve deep into our numerous codebases and frameworks to identify any security concerns efficiently across Apple's full stack. We are seeking a Senior Software Engineer who combines deep software engineering expertise with the architectural thinking and operational discipline of a systems engineer. You will be the architect of the bridge between deep security tooling and the scalable, intelligent platforms that put those tools to work — integrating custom-built capabilities alongside external solutions into a unified, reliable analysis ecosystem.

Description

You will join a team at the intersection of security research and software engineering, where the work you build directly shapes the speed and depth at which Apple can identify and address vulnerabilities. The team has deep roots in security tooling — instruments purpose-built for vulnerability researchers that require deep knowledge of the platform. You will build on and extend this foundation to architect and operate the larger systems that orchestrate these tools, integrate external capabilities, and run automated analysis workflows at scale across Apple's codebases and infrastructure. In this role, you will design and implement the platform layer that connects individual analysis tools into coherent, automated pipelines. You will think carefully about system architecture: how components communicate, how workloads are scheduled and distributed, how results are aggregated and surfaced to researchers. You will be involved from initial architecture decisions through deployment, maintenance, and iteration. You will work hands-on with infrastructure — containerized deployments, service APIs, authentication and access controls, monitoring and observability — bringing operational rigor to systems that security teams depend on. You will also bring AI-informed thinking to the platform, identifying where intelligent automation can amplify the impact of the underlying tooling. Critically, you will collaborate closely with vulnerability researchers. Understanding how they work, what they need, and where bottlenecks exist will directly inform how the platform evolves. You are not expected to be a security researcher yourself, but genuine curiosity about the domain and a strong working knowledge of vulnerability research workflows are essential to doing this job well. Your work will compound the team's impact — enabling researchers to do in hours what might otherwise take weeks, and expanding Apple's ability to proactively secure its products at every layer of the stack.

Minimum Qualifications

Strong software engineering skills across systems and scripting languages (e.g. Python, Swift, C/C++) Familiarity with AI/ML workflows, LLM-assisted analysis, or intelligent automation pipelines Experience designing and building complex distributed systems or multi-component service architectures Familiarity with containerisation, orchestration, and cloud or on-premises infrastructure (e.g. Kubernetes, Docker) and modern DevOps practices

Preferred Qualifications

Prior experience building or scaling security research tooling for production use Experience integrating heterogeneous tooling ecosystems into cohesive platforms Effective communicator, able to translate complex technical systems to diverse audiences — engineers, researchers, and leadership alike Significant engineering experience, including multi-functional technical leadership Demonstrated ability to architect solutions to ambiguous, cross-functional problems — from initial design through delivery — working independently and in close collaboration with partner teams Understanding of vulnerability research concepts, offensive security tooling, or security analysis workflows (static, dynamic, or binary)