Lead Engineering and Security Auditor Cupertino,California,United States Corporate Functions Apple is a place where extraordinary people gather to do their best work. If you’re excited by the idea of making a real impact, a career with Apple might be your dream job—just be prepared to dream big! As a highly skilled individual with broad experience in evaluating technology risk areas from multiple perspectives, you are passionate about executing projects and proposing thoughtful and practical solutions as recommendations. You are a motivated individual and are skilled at navigating complex environments both technically and organizationally to get quality projects done. If you are a highly motivated self-starter who thrives in ambiguity and dynamic environments, then you should consider joining us. **Description** The Internal Audit Department is seeking a Lead Engineering and Security Auditor who possesses a broad and diverse skillset to lead complex audit projects and assessments from start to finish. In this role, you will leverage your experience and expertise to actively identify risk areas and be a key contributor to the development of our plan. You will also play a crucial role in scoping, executing, and delivering a portfolio of technical projects. This is a high-visibility role on a small team that will provide you an opportunity to contribute to the organization’s control environment while also gaining exposure to many business areas. **Minimum Qualifications** + 7+ years experience in performing highly technical audits/assessments or leading or developing technical risk and compliance programs for engineering and security organizations. + Bachelor’s degree in Computer Science, Engineering, or related discipline, or commensurate experience **Key Qualifications** **Preferred Qualifications** + Strong knowledge and hands on experience in the operation of technology practices and controls, including but not limited to: applications and infrastructure, threat and vulnerability assessments, change management, release management, access management, data center operations, third party cloud, asset management, networks and firewalls, data privacy, artificial intelligence and machine learning, databases, business continuity, disaster recovery, third party risk management, and emerging risk areas. + Demonstrated proficiency in conducting reviews (e.g., audits, assessments, etc.) of highly technical areas including current/emerging technologies and key components of technology solutions such as networks, firewalls, operating systems, applications, databases, cloud services, data and information security, infrastructure, third party risk management, etc. + Familiarity with public/private/hybrid cloud concepts (e.g, GCP, AWS), IaaS, PaaS and SaaS Services (compute, storage, network, security, administration, automation, application services, databases) in either native cloud or hybrid-cloud environments. + Understanding of key infrastructure including micro-services architectures, Git, Infrastructure-as-a-code, Kubernetes, CI/CD frameworks. + Strong knowledge and experience with compliance and regulatory standards (e.g., DMA, DSA, PCI, ISO, Sarbanes Oxley, SOC 1, SOC 2, HIPAA, GDPR, etc.). Ability to understand new regulatory standards and develop approaches to evaluating compliance against these standards and frameworks. + Experienced in utilizing large scale data environments to develop analytics or methods for monitoring risk areas and evaluating control performance. Experience in developing scaleable continuous monitoring solutions is highly preferred. + Knowledge and understanding of software engineering languages (e.g., Python, SQL). + Ability to get things done, experience in delivering end-to-end projects timely with a high degree of quality. Proven ability to work well on a team, as well as independently, with limited supervision. + Self-starter, exceptionally curious, can navigate ambiguity and challenges consistently, adapts well to change, and enjoys working in a dynamic environment. + Highly collaborative. You possess a strong ability to work collaboratively as a member of the team and with cross-functional partners on detail oriented projects. + Effective at seeing around corners and identifying/anticipating risk areas and the ability to navigate the organization to trigger thoughtful conversations + Excellent project management and organizational skills. + Ability to develop and deliver effective presentations to audiences and tailoring the message to the appropriate level, excellent communication skills, and ability to clearly articulate the impact of technical details to non-technical audiences. + SAP knowledge and experience is a plus. + CISSP and CISA certifications are preferred but not required. **Education & Experience** **Additional Requirements** **Pay & Benefits** + At Apple, base pay is one part of our total compensation package and is determined within a range. This provides the opportunity to progress as you grow and develop within a role. The base pay range for this role is between $165,500 and $248,700, and your base pay will depend on your skills, qualifications, experience, and location.Apple employees also have the opportunity to become an Apple shareholder through participation in Apple’s discretionary employee stock programs. Apple employees are eligible for discretionary restricted stock unit awards, and can purchase Apple stock at a discount if voluntarily participating in Apple’s Employee Stock Purchase Plan. You’ll also receive benefits including: Comprehensive medical and dental coverage, retirement benefits, a range of discounted products and free services, and for formal education related to advancing your career at Apple, reimbursement for certain educational expenses — including tuition. Additionally, this role might be eligible for discretionary bonuses or commission payments as well as relocation.Learn more (https://www.apple.com/careers/us/benefits.html) about Apple Benefits.Note: Apple benefit, compensation and employee stock programs are subject to eligibility requirements and other terms of the applicable plan or program. + Apple is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics.Learn more about your EEO rights as an applicant. (https://www.eeoc.gov/sites/default/files/2023-06/22-088\_EEOC\_KnowYourRights6.12ScreenRdr.pdf) **Apple Footer** Apple is an equal opportunity employer that is committed to inclusion and diversity. We take affirmative action to ensure equal opportunity for all applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, Veteran status, or other legally protected characteristics. Learn more about your EEO rights as an applicant (Opens in a new window) . Apple will not discriminate or retaliate against applicants who inquire about, disclose, or discuss their compensation or that of other applicants. United States Department of Labor. Learn more (Opens in a new window) . Apple participates in the E-Verify program in certain locations as required by law. Learn more about the E-Verify program (Opens in a new window) . Apple is committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities. Reasonable Accommodation and Drug Free Workplace policy Learn more (Opens in a new window) . Apple is a drug-free workplace. Reasonable Accommodation and Drug Free Workplace policy Learn more (Opens in a new window) . Apple will consider for employment all qualified applicants with criminal histories in a manner consistent with applicable law. If you’re applying for a position in San Francisco, review the San Francisco Fair Chance Ordinance guidelines (opens in a new window) applicable in your area. It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.