Lead Engineering and Security Auditor

Austin, Texas, United States Corporate Functions

Apple is a place where extraordinary people gather to do their best work. If you’re excited by the idea of making a real impact, a career with Apple might be your dream job—just be prepared to dream big! As a highly skilled individual with broad experience in evaluating technology risk areas from multiple perspectives, you are passionate about executing projects and proposing thoughtful and practical solutions as recommendations.

You are a motivated individual and are skilled at navigating complex environments both technically and organizationally to get quality projects done. If you are a highly motivated self-starter who thrives in ambiguity and dynamic environments, then you should consider joining us

The Internal Audit Department is seeking a Lead Engineering and Security Auditor who possesses a broad and diverse skillset to lead complex audit projects and assessments from start to finish. In this role, you will leverage your experience and expertise to actively identify risk areas and be a key contributor to the development of our plan. You will also play a crucial role in scoping, executing, and delivering a portfolio of technical projects.

This is a high-visibility role on a small team that will provide you an opportunity to contribute to the organization’s control environment while also gaining exposure to many business areas.

• 7+ years experience in performing highly technical audits/assessments or leading or developing technical risk and compliance programs for engineering and security organizations.
• Bachelor’s degree in Computer Science, Engineering, or related discipline, or commensurate experience

• Strong knowledge and hands on experience in the operation of technology practices and controls, including but not limited to: applications and infrastructure, threat and vulnerability assessments, change management, release management, access management, data center operations, third party cloud, asset management, networks and firewalls, data privacy, artificial intelligence and machine learning, databases, business continuity, disaster recovery, third party risk management, and emerging risk areas.
• Demonstrated proficiency in conducting reviews (e.g., audits, assessments, etc.) of highly technical areas including current/emerging technologies and key components of technology solutions such as networks, firewalls, operating systems, applications, databases, cloud services, data and information security, infrastructure, third party risk management, etc.
• Familiarity with public/private/hybrid cloud concepts (e.g, GCP, AWS), IaaS, PaaS and SaaS Services (compute, storage, network, security, administration, automation, application services, databases) in either native cloud or hybrid-cloud environments.
• Understanding of key infrastructure including micro-services architectures, Git, Infrastructure-as-a-code, Kubernetes, CI/CD frameworks.
• Strong knowledge and experience with compliance and regulatory standards (e.g., DMA, DSA, PCI, ISO, Sarbanes Oxley, SOC 1, SOC 2, HIPAA, GDPR, etc.). Ability to understand new regulatory standards and develop approaches to evaluating compliance against these standards and frameworks.
• Experienced in utilizing large scale data environments to develop analytics or methods for monitoring risk areas and evaluating control performance. Experience in developing scaleable continuous monitoring solutions is highly preferred.
• Knowledge and understanding of software engineering languages (e.g., Python, SQL).
• Ability to get things done, experience in delivering end-to-end projects timely with a high degree of quality. Proven ability to work well on a team, as well as independently, with limited supervision.
• Self-starter, exceptionally curious, can navigate ambiguity and challenges consistently, adapts well to change, and enjoys working in a dynamic environment.
• Highly collaborative. You possess a strong ability to work collaboratively as a member of the team and with cross-functional partners on detail oriented projects.
• Effective at seeing around corners and…