In a fast-evolving digital world, our team seeks a Security Researcher with an offensive security mindset to tackle emerging cyber threats within Apple's critical ERP environment. You will play a pivotal role in safeguarding our dynamic, hybrid enterprise systems, which underpin Apple's supply chain, treasury, and customer experiences. This unique opportunity focuses on shifting security left by relentlessly pursuing and identifying vulnerabilities early and often within the development lifecycle. You will apply cutting-edge offensive security techniques, code analysis, and penetration testing to generate meaningful data that drives the evolution of secure development standards.
If you possess the necessary offensive security skills, an insatiable desire to find vulnerabilities in sophisticated systems, a passion for ethical hacking, and a strong curiosity for how enterprise systems function, we would love to meet you.
Description
Conduct advanced offensive security testing across Apple's hybrid SAP landscape, including:
Manual penetration testing of custom ABAP & Java applications, SAP Fiori apps, web applications, APIs, and mobile interfaces.
Vulnerability research and testing within SAP S/4HANA, ECC, BTP services, Ariba, Commerce Cloud, Signavio, LeanIX, and other integrated cloud-native systems.
Security assessments of underlying infrastructure and cloud environments supporting SAP.
Perform deep-dive source code reviews of sophisticated applications to identify security flaws and architectural weaknesses.
Develop custom scripts, tools, and proof-of-concept exploits to augment penetration testing activities, automate vulnerability discovery, and demonstrate impact.
Proactively identify and research emerging threats and attack vectors relevant to enterprise systems and the SAP ecosystem.
Document findings in high-quality, actionable reports and presentations, clearly communicating technical vulnerabilities, their business impact, and recommended remediations to engineering teams across the organization.
Collaborate closely with engineering and development teams to provide security advice, improve secure coding practices, and integrate security early into the development lifecycle (shift-left).
Assemble and analyze threat & vulnerability data to highlight issues and trends, and author enhanced development standards and security requirements.
Contribute to the team's security knowledge base, sharing expertise, developing technical documentation, and shaping testing methodologies.
Continuously learn and develop expertise in offensive security techniques and the intricacies of the SAP ecosystem.
Minimum Qualifications
Experience in offensive security, penetration testing, vulnerability research, or a related field (internships, research projects, open-source contributions, CTF participation, or bug bounty success are highly valued).
In-depth knowledge of web application security, API security, system and infrastructure security, and common attack techniques.
Ability to read, understand, and find vulnerabilities in sophisticated codebases (e.g., ABAP, Java, JavaScript, Go).
Proficiency in at least one scripting or programming language (e.g., Python, PowerShell, Bash, Go, Ruby, JavaScript )) for security automation and tool development.
Strong analytical, problem-solving, and critical thinking skills, with the ability to analyze complex challenges and produce creative solutions.
Preferred Qualifications
Relevant offensive security certifications (e.g., OSCP, OSWE, OSWP, eJPT) are highly regarded.
Experience with CTFs, hacking labs, bug bounty programs, or public security research/CVEs.
Knowledge of cloud architecture and security principles (e.g., AWS, Azure, GCP, SAP BTP).
Familiarity with modern cybersecurity concepts including AI/ML applications in security, cryptography, and prompt engineering for security tasks.
An insatiable curiosity for how complex enterprise systems work, with a mandatory desire to learn and understand the SAP ecosystem. (No prior SAP expertise required, but a strong aptitude and willingness to dive deep into this domain is essential).
Proficiency in MacOS and other Unix-based systems.
Experience with or a strong interest in learning ABAP is a significant plus.