Apple logo
Apple

Well-known for creating the Mac, iPhone, iPad, and Apple Watch, as well as its App Store, Apple Music, Apple Pay, and iTunes services, Apple's goal is to leave the world better tha

Offensive Security Researcher - Wireless Security

Location

France

Posted

4 days ago

Salary

0

Seniority

Mid Level

Job Description

Offensive Security Researcher - Wireless Security

Apple

Role Description Apple's Security Engineering & Architecture organization is responsible for the security of all Apple products. Protecting our users is at the heart of everything we build, and our team takes an offensive approach to that mission by uncovering and fixing vulnerabilities impacting one of the world's most sophisticated ecosystems before adversaries can ever exploit them, all at the scale of more than one billion devices. In this role, your primary focus will be on the wireless attack surface of Apple platforms. You will conduct offensive security research across: - Cellular/baseband - Wi-Fi - Bluetooth stacks - Other wireless protocols such as Thread, NFC, and UWB These radios are reachable over the air and represent some of the most impactful proximity- and remote-triggerable attack surfaces on our devices. You will work in cross-functional teams alongside other researchers and engineering teams to identify and help eliminate vulnerabilities before they can be exploited. Knowledge of Apple operating systems such as iOS or macOS is a plus, but not required. This job is for individuals with outstanding technical skills, grit, and a genuine passion for breaking systems — so we can build them stronger. If this is you, we'd love to hear from you. In-office roles in Paris, Cupertino, and other locations. Remote considered for experienced candidates. Qualifications - Proven experience in vulnerability research targeting wireless technologies such as cellular/baseband, Wi-Fi, or Bluetooth - Strong understanding of vulnerability classes and exploitation techniques relevant to wireless protocol stacks and radio firmware, such as: - Memory corruption - Parsing and state-machine flaws - Cryptographic and authentication weaknesses - Protocol downgrade or logic attacks - Ability to apply AI techniques and tools, such as LLMs or Machine Learning, for security research activities Requirements - Deep knowledge of cellular technologies and 3GPP standards (2G/3G/4G/5G), baseband processors, and modem firmware internals - Experience analyzing protocol stacks, including their firmware, host-controller interfaces, and over-the-air protocol behaviour of wireless technologies like Wi-Fi (802.11) and Bluetooth/BLE or other short-range protocols like Thread, NFC, or UWB - Familiarity with binary reverse-engineering using tools like IDA and Ghidra, as well as the practical RF and over-the-air toolset, such as software-defined radio (SDR) and other equipment for capturing and injecting wireless signals

Related Categories

Related Job Pages

More Security Engineer Jobs

Xenon Seven logo

AI Cybersecurity Engineer – Offensive Security, Threat Modeling

Xenon Seven

Human Experts Implementing Artificial Intelligence #AI #ArtificialIntelligence #HumanIntelligence

ContractRemoteTeam 11-50H1B No Sponsor

• Predictive AI Threat Modeling: Lead advanced threat-modeling exercises across the bank’s localized AI/ML pipelines, data repositories, and training environments. Anticipate sophisticated attacker behaviors to design preemptive security guardrails before models are moved to production. • AI Red Teaming & Offensive Simulations: Conduct targeted offensive operations and ethical hacking against our on-premises AI infrastructure. Simulate real-world adversarial attacks, including data poisoning, model inversion, membership inference, evasion attacks, and prompt injection. • Framework Mapping with MITRE ATLAS: Implement and operationalize the MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) framework. Map identified vulnerabilities to ATLAS tactics and techniques to build a robust, AI-specific defensive matrix aligned with traditional MITRE ATT&CK. • On-Premises Infrastructure Hardening: Assess and secure the physical and virtual infrastructure hosting our AI workloads, including bare-metal GPU clusters, local containerized environments (Kubernetes/OpenShift), and private data registries, ensuring strict isolation from external threats. • Proactive Risk Management & Early Detection: Collaborate with the SOC and data engineering teams to build predictive detection use-cases and custom alerts. Identify the early warning signs of an AI-targeted attack or data exfiltration attempt before malicious actors can compromise model integrity.

Serbia
Xenon Seven logo

AI Cybersecurity Architect – Governance, Control Frameworks

Xenon Seven

Human Experts Implementing Artificial Intelligence #AI #ArtificialIntelligence #HumanIntelligence

ContractRemoteTeam 11-50H1B No Sponsor

• Establish AI Security Governance Frameworks: Author, implement, and maintain the bank's enterprise-wide AI Security Policy. Align our internal AI governance with international standards (such as NIST AI RMF, ISO/IEC 42001, and OWASP Top 10 for LLMs) while strictly ensuring compliance with evolving Central Bank of Egypt (CBE) regulations and the Egyptian Data Protection Law. • Design & Build Cybersecurity Controls: Architect, enforce, and validate technical and administrative security controls tailored for the entire AI/ML lifecycle (Data Ingestion, Training, Deployment, and Inference). This includes building robust controls against data poisoning, model inversion, prompt injection, and unauthorized data exfiltration. • Secure MLOps Architecture: Define the reference architectures and secure guardrails for our Machine Learning Operations (MLOps) pipelines. Ensure that security checks, vulnerability scanning, and model integrity verifications are seamlessly integrated into our continuous deployment workflows. • Advanced AI Threat Modeling & Risk Assessment: Lead comprehensive risk assessments and threat-modeling exercises on all proprietary and third-party AI implementations. Identify structural risks in algorithmic logic, training data pipelines, and API integrations, translating technical risks into clear business governance metrics. • Third-Party & Vendor AI Governance: Develop and execute rigorous cybersecurity assessment frameworks for evaluating third-party AI tools, cloud-hosted models, and external vendors, ensuring they meet the bank’s strict data privacy and control standards.

India
ECS Tech Inc logo

Cyber Security System Engineer II (SOAR/SIEM Engineer)

ECS Tech Inc

All candidates must meet the following criteria: Must be a US Citizen, no dual Citizenships. Must be able to secure a Public trust clearance. Must be able to work across multiple programs across the Federal and DOD space. The core values that ECS looks for in an engagement manager include: Teamwork, Respect, Accountability, Integrity, and Leadership.

Full TimeRemoteH1B No Sponsor

Role Description Everforth ECS is seeking a Cyber Security System Engineer II (SOAR/SIEM Engineer) to work Remotely. Please Note: This position is contingent upon contract award. - Engineers, administers, and maintains CI's SOAR and SIEM platforms. - Develops automated playbooks for alert triage, enrichment, case management, and incident response. - Performs onboarding, correlation tuning, dashboards, retention, and compliance configuration. - Ensures platform availability and alignment with federal security requirements. Qualifications - Bachelors’ Degree in Cybersecurity, IT, or related field. - 5+ years of relevant experience. - IRS CI - IRS High Risk Clearance. - Experience in SIEM engineering, log onboarding, parser development, and correlation tuning. - SOAR platform engineering, playbook development, and automation design skills. - Proficiency integrating SIEM/SOAR with scanners, EDR, DLP, IAM/PAM, and ticketing systems. - Knowledge of NIST, FISMA, IRS IRM 10.8, CDM requirements. - Ability to build and maintain system baselines and architecture documentation.

United States

Role Description The Computer System Validation (CSV) Lead is responsible for developing, executing, and maintaining the validation strategy for GxP-regulated computerized systems supporting manufacturing, laboratory, and quality operations. This role ensures that all systems comply with applicable regulatory requirements, including FDA 21 CFR Part 11, EU Annex 11, and GAMP 5, and that validation deliverables are developed in alignment with corporate and industry best practices. - Lead the planning and execution of validation projects for GxP computerized systems (manufacturing, laboratory, and quality). - Author and/or review CSV deliverables including Validation Plans, Risk Assessments, User Requirements Specifications (URS), Functional Specifications (FS), Design Qualification (DQ), IQ/OQ/PQ protocols, and summary reports. - Ensure compliance with 21 CFR Part 11, EU Annex 11, GAMP 5, and applicable company SOPs and policies. - Collaborate with cross-functional teams (IT, QA, Manufacturing, Lab, and vendors) to define validation scope, strategy, and deliverables. - Lead impact assessments for software upgrades, patches, and configuration changes; ensure continuous validation state is maintained. - Support data integrity initiatives and periodic review programs. - Manage audit readiness for all validated systems; support internal and external inspections (FDA, EMA, MHRA, etc.). - Develop and maintain validation templates, SOPs, and training programs. Qualifications - Bachelor’s degree in computer science, Engineering, Life Sciences, or related discipline. - Minimum 5–8 years of experience in computer system validation or IT quality compliance within the pharmaceutical or biotech industry. - Deep understanding of GxP Principles, GAMP 5 lifecycle methodology, and 21 CFR Part 11 / Annex 11 compliance. - Experience leading validation of enterprise and laboratory systems such as LIMS, MES, QMS, ERP, or data historians (e.g., OSI PI, Empower, SAP, LabWare, etc.). - Strong technical writing and documentation skills with attention to detail. - Proven ability to manage multiple projects and priorities in a fast-paced, regulated environment. Requirements - Master’s Degree (MBA, MIS, or related field). - Experience with cloud-based or SaaS GxP systems. - Familiarity with data integrity, cybersecurity, and IT infrastructure qualification (IQ of servers, networks, virtualization). - Project management or Lean Six Sigma certification. Benefits - Medical, Dental and Vision Insurance. - Generous Paid Time Off options, including Vacation and Sick time, plus national holidays including year-end shut down. - 401(k) match and annual company contribution. - Company paid life insurance. - Annual Corporate Bonus and Quarterly Sales Incentive for eligible positions. - Long Term Incentive Plan for eligible positions. - Company fleet vehicle for eligible positions. - Referral bonus program.

United States
$105.3K - $150.4K / year