Senior Manager - Strategic Risk

The Apple Service Engineering (ASE) team builds and provides systems and infrastructure that fuel Apple's services (such as Apple TV, App Store, Apple Music, Apple Fitness, iCloud, Siri, and Maps). We are the foundation on which Apple's software developers build the products that our customers love. Our services have to scale globally, stay highly available, and meet the high security expectations for our billions of customers.

The Security team within ASE is seeking a Senior Manager to mature our strategic risk management program. This is a critical leadership role where the successful leader will establish scalable processes to identify, document and mitigate strategic risks. The ideal candidate is a hands-on, strategic leader with a track record of building risk management programs.

In this role, you will work with highly skilled security professionals passionate about identifying, assessing, and mitigating security risks. This role is central to the controls that protect Apple's customers, data, and brand. You'll have the opportunity to build security processes and technology with a truly global impact.

Key responsibilities include:

- Evaluate and assess threats and vulnerabilities to inform risk decisions and security strategy.

- Collaborate with cross-functional teams to strengthen Apple's security posture across incident response and vulnerability management.

- Lead and coordinate response activities in alignment with Apple's Emergency Response Plan and Security Operations Center (SOC).

- Develop and execute playbooks for common security issues.

- Conduct research and post-incident analysis to refine response strategies.

- Partner with teams to deliver training and workshops on security response best practices.

- Define clear criteria and protocols for security emergency response.

B.S. in Computer Science, Engineering, or equivalent technical field-or equivalent practical experience. Security certifications such as OSCP, GIAC, or CCNP/CCIE are a plus.

Experience with enterprise log collection and analysis platforms (e.g., Splunk, OSQuery). Understanding of exploit development and conditions required to trigger different vulnerability types.

7+ years of experience in Information Security with a focus on incident response, security engineering, or intrusion detection. Deep understanding of threat modeling, operational threat intelligence, and common attack vectors and frameworks. Strong knowledge of system and network hardening practices. Exceptional analytical and investigative skills, with hands-on experience in root cause analysis. Experience applying AI/ML techniques to analyze CVEs and prioritize high-risk vulnerabilities.

In-depth knowledge of macOS, Linux, or Windows operating systems and distributed systems design. Expertise in analyzing endpoint, network, and application logs ipting and/or software development experience. Demonstrated ability to design, document, and implement new security processes.