Job Description

Apple is seeking an outstanding person to support compliance and security certification efforts for WPC across multiple Apple devices! You will contribute to a range of technical compliance programs across the Wallet, Payments and Commerce team. This is a highly technical, hands-on role that requires experience and expertise with delivering security certifications to support. We are looking for someone to drive the certification of new and existing products, working closely with teams across Apple including Security Engineering, Software Engineering, Platform and Infrastructure, Hardware Engineering and external certification bodies and evaluation labs.

Description

Work closely with legal, compliance, security, engineering and product teams across Apple to gather information, test requirements and resolve any identified issues

Oversee the efficient and timely delivery of multiple certification programs

Manage and deliver Common Criteria certification projects for new and existing Apple products

Translate your technical knowledge and hands on experience into demonstrations of security controls and user features to external labs


Draft documentation for security certifications ensuring that these are accurate and easy to understand by multiple technical and non-technical teams. Own the interaction between the certifications team and security, business and product leadership as part of the review and approval process

Chances to work with compliance and privacy teams to expand on your knowledge of financial services regulation

Preferred Qualifications

Familiarity with both on-premises and cloud environments, with a solid understanding of their security, operational, and risk implications in digital payment systems and mobile implementations

Background in IT generical controls such as identity and access management, change and configuration management, incident management, threat and vulnerability management, data encryption, asset management, system resilience and etc., experience in assessing control effectiveness and capability of providing actionable insights to engineering and management teams for risk reduction/mitigation

Knowledge of control standards and risk frameworks such as PCI DSS, NIST 800-series

Minimum Qualifications

Good knowledge of technical application and security architecture for mobile payments systems and smart cards including cryptographic protection of associated data


Hands on experience delivering the technical aspects of certification programs using Common Criteria or similar security certification schemes; demonstrating and describing the technology supporting security features and reviewing and modifying platform code to test them

Strong written and verbal communication skills; ability to manage complex projects, working with multiple external and internal partners; working independently across multiple projects simultaneously

Knowledge of attack ratings and their application, based on the attack potential calculations defined by CEM (Common Methodology for Information Technology Security Evaluation)

Understanding of the wider FinTech industry, banking and associated regulatory requirements, e.g. PISA, HCE, DMA


Understanding code, threat modelling and logging configs

Understanding of Strong Customer Authentication (SCA) requirements as part of PSD2



At Apple, we're not all the same. And that's our greatest strength. We draw on the differences in who we are, what we've experienced and how we think. Because to create products that serve everyone, we believe in including everyone. Therefore, we are committed to treating all applicants fairly and equally. As a registered Disability Confident employer, we will work with applicants to make any reasonable accommodations. Apple will consider for employment all qualified applicants with criminal backgrounds in a manner consistent with applicable law. Learn more