Security Domain Expert, Perimeter and Network Security, Enterprise Technology Services

The Emerging Technologies team is seeking a Security Domain Expert to serve as the outward face and technical authority of Apple's perimeter and network security platform. You will represent the team across Apple — in architecture forums, security reviews, and leadership briefings — bringing deep expertise in perimeter security, proxy technologies, and threat mitigation to every engagement. This role requires hands-on experience with the technologies at the heart of our platform — proxies, origin, edge, application load balancers, service mesh, API & AI security gateways, WAF, DDoS mitigation, bot prevention, TLS termination/origination, and security policy enforcement across protocols (TCP, UDP, HTTP/HTTPS). You will apply that expertise to advise partner teams on how our security capabilities address their traffic and security challenges, and to represent the team's technical perspective in cross-organizational forums. You will also serve as the bridge between our engineering team and the broader Apple ecosystem — working directly with application teams to understand their security requirements, synthesizing cross-team needs to inform platform strategy and roadmap, and translating technical security concepts into clear narratives for leadership. This role spans deep technical engagement with security and infrastructure teams through to executive communication in equal measure. Serve as the domain authority for perimeter and network security across the Emerging Technologies organization — providing expert guidance on WAF, DDoS mitigation, bot prevention, TLS management, real-time threat intelligence, and security policy enforcement across proxy tiers. Represent the security platform in architecture forums, security reviews, cross-organizational reviews, and leadership briefings — serving as the team's technical voice in all external settings. Advise application teams across Apple on their traffic patterns and security requirements, articulating how the platform's capabilities — across edge proxies, origin/application load balancers, service mesh, and API & AI security gateways — address their specific needs. Evaluate emerging threats, attack vectors, and defensive technologies — bring industry perspective to shape the team's security strategy and keep Apple's defenses at the forefront. Drive alignment on cross-organizational security initiatives — build consensus on priorities, trade-offs, and sequencing for efforts that require coordinated action across security, infrastructure, SRE, cloud, and application teams. Synthesize cross-team intelligence — bring insights from partner engagements and organizational priorities back to the engineering team to inform and influence platform strategy and roadmap direction. Partner with the platform architect and engineering managers to ensure the team's technical direction — defense-in-depth strategy, threat coverage, and platform evolution across on-premises and cloud environments (GCP, AWS) — reflects real-world security needs. Contribute to technical design reviews and security architecture discussions, bringing the external perspective of partner team requirements and cross-organizational constraints. Assess gaps in cross-organizational security coverage; proactively recommend solutions and drive remediation in partnership with the engineering team. Translate complex perimeter security concepts into clear, compelling narratives for audiences ranging from engineers to senior leadership. Mentor and elevate team members in security domain knowledge, cross-functional engagement, and stakeholder communication. Bachelor's degree in Computer Science, Computer Engineering, Cybersecurity, or equivalent technical discipline. 12+ years of experience in security engineering or security architecture, with a strong hands-on technical foundation. Deep expertise in perimeter and network security — WAF design, DDoS mitigation strategies, bot detection techniques, TLS/mTLS, TCP/IP, HTTP/HTTPS, and DNS security. Strong understanding of proxy technologies (NGINX, Envoy, HAProxy) across edge, origin, service mesh, and API gateway tiers — including how security controls are implemented and enforced at the proxy layer. Experience with security policy enforcement and configuration management across distributed infrastructure at scale. Familiarity with systems that span on-premises data centers and public cloud environments (GCP, AWS). Proven experience representing a security team as a domain authority — in architecture reviews, security forums, executive briefings, and cross-organizational planning. Experience working directly with application and infrastructure teams to understand their traffic and security requirements and design integrated solutions. Ability to communicate complex security topics with equal clarity to engineers and senior leadership. Track record of influencing security direction and outcomes across organizational boundaries without direct management authority. Excellent written and verbal communication skills. * M.S. in Computer Science, Computer Engineering, Cybersecurity, or Information Security. * Experience with proxy engine internals — C, C++, Lua, or WASM-based customization of NGINX, Envoy, or similar engines for implementing security controls in the runtime data path. * Experience with L4/L7 proxy architectures, protocol-level security, and load balancing strategies. * Understanding of orchestration/control plane systems for security policy distribution and lifecycle management at fleet scale. Familiarity with OWASP threat models, CVE analysis, threat landscape trends, and security incident response from an engineering perspective. Experience with service mesh architectures (Istio, Envoy-based), API & AI security gateway patterns, and containerization (Kubernetes, Docker). Knowledge of real-time threat intelligence distribution and event-driven security telemetry at scale. Recognized contributions to the security community — conference talks, published research, open-source contributions, or patents.

For more details click Job Post.