Security Domain Expert, Perimeter and Network Security, Enterprise Technology Services

Job description

At Apple, new insights often become revolutionary products, services, and customer experiences very quickly. Bring passion and dedication to your job, and there's no telling what you could accomplish. The Emerging Technologies team within IS&T specializes in building forward-looking, extremely scalable systems and solutions in two areas: Information Security and general-purpose, reusable platforms in the space of Integration and Orchestration. The team has a passion for solving challenging problems, exploring new domains, and engineering transformational solutions. We operate with a startup mindset — lean teams, high ownership, and technical leaders who flex across domains to build and scale new capabilities.
The Emerging Technologies team is seeking a Security Domain Expert to serve as the outward face and technical authority of Apple's perimeter and network security platform. You will represent the team across Apple — in architecture forums, security reviews, and leadership briefings — bringing deep expertise in perimeter security, proxy technologies, and threat mitigation to every engagement.
This role requires hands-on experience with the technologies at the heart of our platform — proxies, origin, edge, application load balancers, service mesh, API & AI security gateways, WAF, DDoS mitigation, bot prevention, TLS termination/origination, and security policy enforcement across protocols (TCP, UDP, HTTP/HTTPS). You will apply that expertise to advise partner teams on how our security capabilities address their traffic and security challenges, and to represent the team's technical perspective in cross-organizational forums.

You will also serve as the bridge between our engineering team and the broader Apple ecosystem — working directly with application teams to understand their security requirements, synthesizing cross-team needs to inform platform strategy and roadmap, and translating technical security concepts into clear narratives for leadership. This role spans deep technical engagement with security and infrastructure teams through to executive communication in equal measure.

<h3>Minimum Qualifications</h3>Bachelor's degree in Computer Science, Computer Engineering, Cybersecurity, or equivalent technical discipline.
12+ years of experience in security engineering or security architecture, with a strong hands-on technical foundation.
Deep expertise in perimeter and network security — WAF design, DDoS mitigation strategies, bot detection techniques, TLS/mTLS, TCP/IP, HTTP/HTTPS, and DNS security.
Strong understanding of proxy technologies (NGINX, Envoy, HAProxy) across edge, origin, service mesh, and API gateway tiers — including how security controls are implemented and enforced at the proxy layer.
Experience with security policy enforcement and configuration management across distributed infrastructure at scale.
Familiarity with systems that span on-premises data centers and public cloud environments (GCP, AWS).
Proven experience representing a security team as a domain authority — in architecture reviews, security forums, executive briefings, and cross-organizational planning.
Experience working directly with application and infrastructure teams to understand their traffic and security requirements and design integrated solutions.
Ability to communicate complex security topics with equal clarity to engineers and senior leadership.
Track record of influencing security direction and outcomes across organizational boundaries without direct management authority.
Excellent written and verbal communication skills.
<h3>Preferred Qualifications</h3>* M.S. in Computer Science, Computer Engineering, Cybersecurity, or Information Security.
* Experience with proxy engine internals — C, C++, Lua, or WASM-based customization of NGINX, Envoy, or similar engines for implementing security controls in the runtime data path.
* Experience with L4/L7 proxy architectures, protocol-level security, and load balancing strategies.
* Understanding of orchestration/control plane systems for security policy distribution and lifecycle management at fleet scale.
Familiarity with OWASP threat models, CVE analysis, threat landscape trends, and security incident response from an engineering perspective.
Experience with service mesh architectures (Istio, Envoy-based), API & AI security gateway patterns, and containerization (Kubernetes, Docker).
Knowledge of real-time threat intelligence distribution and event-driven security telemetry at scale.
Recognized contributions to the security community — conference talks, published research, open-source contributions, or patents.