Offensive Security Researcher - Remote Attack Surface, Irving

Apple"s Security Engineering \u0026 Architecture organization is responsible for the security of all Apple products. Passionate about safeguarding our users, we take an offensive approach to defense— finding and fixing vulnerabilities before they can be exploited. When it comes to securing more than a billion devices running the world"s most sophisticated operating systems, that means finding vulnerabilities first.\\n\\nCan you make a difference on this scale? Join our extraordinary team ofsecurity researchers and help protect all Apple users. We engage in various activities, including vulnerability research, binary exploitation, security tooling development, fuzzing, machine learning, and many more. By developing and harnessing state-of-the-art technologies, we amplify our impact onApple"s product security.\\n\\nIn this role, your primary focus will be on the remote attack surface of Apple platforms. You will conduct offensive security research on browsers, messaging applications, media frameworks, and other network-reachable components — areas where a single vulnerability can have the broadest impact on our users. You will work in cross-functional teams alongside other researchers and engineering teams to identify and help eliminate vulnerabilities before they can be exploited.\\n\\nThis job is for individuals with outstanding technical skills, grit, and a genuine passion for breaking systems — so we can build them stronger.\\n\\nIf this is you, we"d love to hear from you.\\n\\nIn-office roles in Paris, Cupertino, and other locations. Remote considered for experienced candidates. Proven experience in vulnerability research targeting browsers, messaging applications, or other network-facing attack surfaces\\nStrong understanding of common vulnerability classes and exploitation techniques relevant to remote attack surfaces, such as memory corruption, logic errors, and type confusion in large C/C++ codebases\\nOutstanding collaboration skills\\nAbility to apply AI techniques and tools, such as LLMs or Machine Learning, for security research Deep knowledge of browser internals such as JavaScript engine JIT compilation, sandboxing mechanisms, and inter-process communication\\nExperience auditing and exploiting messaging frameworks and media parsing libraries\\nFamiliarity with network protocol analysis and fuzzing of remote-reachable services\\nFluency with tool development, using programming languages such as C, C++, Python, Swift, or Objective-C\\nExperience with reverse-engineering techniques and tools like IDA or Ghidra\\nKnowledge of Apple operating systems like iOS or macOS is nice-to-have, but not required