Principal Security Software Engineer

Apple•Seattle, WA

About The Position

As a Principal Security Software Engineer, you'll tackle complex security challenges that span our entire infrastructure and services. You'll identify and resolve security issues across infrastructure, public cloud, applications, data stores and platforms, designing secure and scalable architectures that protect our services and customer data while enabling engineering teams to build quickly and confidently. Working closely with engineering, product, privacy, legal, and compliance teams, you'll translate security requirements into practical, developer-friendly solutions that embed protection into our systems from the ground up. This means identifying new approaches and tools that make secure-by-design the paved path, the default path, not an obstacle to overcome. You'll also strengthen security capabilities across the organization through mentorship and collaboration. That means partnering with engineers to build security skills through hands-on problem-solving, creating practical guidance that makes security concepts accessible and actionable. When emerging threats arise, you'll analyze new attack vectors, develop proactive defenses, and drive changes in our platforms and services. Success in this role means solving problems that require both deep technical expertise across security domains (cloud, network, application security, data protection) and the ability to collaborate effectively across teams to turn security theory into engineering reality.

Requirements

Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
10+ years of hands-on experience in security engineering, including expertise in one or more areas such as cloud security, network security, or application security.
Expert knowledge in threat modeling, vulnerability management, security architecture, and secure coding practices.
Deep expertise in AWS, GCP or Azure
Strong coding or scripting skills (e.g., Python, Go, Java) and experience with infrastructure-as-code (IaC) and DevSecOps practices.
Familiarity with regulatory and compliance frameworks (e.g., GDPR, PCI-DSS, HIPAA).
Proven ability to lead security strategy and mentor teams across functions, driving a security-focused culture.

Nice To Haves

Experience building a secure cloud, not just using one securely
Visionary: Capable of anticipating future challenges and crafting security strategies that prepare us to meet them.
Problem Solver: Analytical mentality with an aim to solve sophisticated security challenges and deliver balanced solutions.
Communicator: Outstanding communication skills, with the ability to influence and inspire technical and non-technical partners.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume