Risk Treatment Analyst, Information Security


Apple Information Security is looking for an experienced professional who is a self-starter, organized, and passionate about security and attention to detail. You will join a team that is passionate about staying up to date on emerging security vulnerabilities and threats, keeps a cool head in a crisis, and advocates every single day for improving the security of Apple products and services. Successful candidates will need to have a good technical background, superb interpersonal skills, and strong technical writing and communication skills.

Apple is seeking a Risk Treatment/Management Analyst for the Apple Information Security Assurance organization supporting the Vulnerability Management program and Risk Reduction program across all Apple properties. This is a technical, hands-on role in a multifaceted and fast-paced environment!

You will be working with various teams within Apple and across all levels of management to identify, capture, record, and track risks to closure across Apple. The ideal candidate has a proven track record, sound technical knowledge and skills in a technical information security engineering role and a technical writing role, and familiarity with vulnerability management and detection, risk management, and governance, risk, and compliance (GRC).


Minimum Education Level: Bachelor's

Education & Experience

  • BS in Computer Science, Information Technology or related field and 5+ years experience in an Information Security domain is preferred
  • Information Security Specific Certifications preferred: CISSP, CISM, CRISC, or SANS GIAC certifications

Key Qualifications

  • Superb communication skills with an ability to convey complex concepts to all levels of personnel (staff to executive)
  • Expertise in risk/threat/vulnerability analysis and discovery as well as exploitation process and techniques
  • Expertise in mitigation and defense against known risks
  • Strong information security skills and background
  • Familiarity with common security vulnerabilities in code and the ability to judge their severity and impact
  • Driven to automate and continuously improve
  • Passionate about keeping our customers' data safe
  • Good knowledge of integrating, analyzing, and communicating relevant metrics for very large data sets
  • Experience with risk frameworks related to, but not limited to, the following: SOX, SSAE16, ISO 27001, PCI, GDPR, HIPAA
  • Strong programming skills (ability to create efficient algorithms and data structures)
  • Expertise in one or more of the following programming languages: Go, Java, C, Rust, Scala
  • Expertise in the following scripting languages: Python, Shell script
  • Shown ability and dedication to work both independently and reciprocally with numerous people and parallel activities at all levels throughout the company
  • Ability to thrive in a fast-paced, dynamic, sometimes ambiguous environment
  • Sound business discernment and flexibility/adaptability to handle multiple wide-ranging matters, conflicting deadlines, and new areas of expertise as business needs change
  • Excellent problem identification, problem solving, and analytical skills
  • Ability to grasp the essence of new technical concepts and explain technical jargon in simplified terms
  • Good technical knowledge of security and privacy controls at the application, server, database and network levels
  • Experience assessing security controls for various technology platforms including Cloud technologies, OS, DB and Networks
Posted: December 27, 2020