Summary

Join the Apple Cloud Object Store (ACOS) team as a Software Engineer with a focus on security. The ACOS team, which is part of Apple Services Engineering organisation, is one of the most critical infrastructure teams at Apple, storing and serving petabytes of data across Apple's services. The ASE organization builds and operates the cloud infrastructure underpinning Apple's services, bringing together compute, storage, networking, and security into a unified Apple Cloud platform. In this role you'll work at the intersection of distributed systems engineering and security — building the authentication, authorisation, and encryption foundations that protect data at exabyte scale.

Description

The security challenges in a large-scale cloud object store are deep and varied. You will work on problems such as: designing and evolving authentication systems to meet modern security standards; implementing and improving encryption-at-rest schemes with robust key lifecycle management at scale; building IAM policy enforcement at high throughput; driving compliance for a multi-region storage platform; and conducting threat modeling for a system handling hundreds of thousands of requests per second. You'll also contribute to broader storage engineering work — durability, availability, multi-tenancy, and performance — making this a well-rounded SWE role with a security-first mindset.

Responsibilities

• Join a highly collaborative team that values mutual support and security-first engineering. We prioritise continuous learning and career growth, with real ownership of the security posture of ACOS.
• Own and contribute to security infrastructure projects across authentication, authorisation, and encryption — building platforms that the rest of the storage org consumes.
• Implement and evolve authentication systems to meet modern security standards: improving credential security, integrating with other Apple services, and ensuring consistent auth across storage products.
• Build and maintain encryption-at-rest infrastructure: key lifecycle management, encryption standard upgrades, and ensuring cryptographic coverage at scale..
• Participate in threat modeling for new and existing features; embed security reviews into the design and launch process.
• Identify, scope, and lead projects that span security, reliability, isolation, scalability, and maintainability — this is a broad SWE role, not a pure security role.
• Work across teams to identify improvement areas, build consensus, and participate in roadmap and security planning discussions.
• Collaborate with Apple's Security and Privacy orgs, serving as the storage org's point of contact for security matters.
  
  

Minimum Qualifications

• Solid backend software engineering experience with strong computer science fundamentals: networking, distributed systems, and security concepts.
• Good understanding of authentication and authorisation: familiarity with protocols such as SigV4, OAuth2, mTLS, or IAM-style policy systems.
• Understanding of cryptographic fundamentals: symmetric encryption, key hierarchies, certificate management, or secret management systems.
• Experience driving complex projects end-to-end and collaborating across teams.
  
  

Preferred Qualifications

• Experience with IAM systems, STS/short-lived credentials, or policy-based access control.
• Hands-on experience with encryption infrastructure: key rotation, envelope encryption, or integrating with secret managers (e.g., HashiCorp Vault, AWS KMS, or equivalent).
• Familiarity with compliance frameworks such as PCI-DSS or SOX in a cloud infrastructure context.
• Experience with threat modeling methodologies or conducting security design reviews.