Wallet and Payment Security Certification Engineer
Job description
Apple is seeking an outstanding person to support compliance and security certification efforts for WPC across multiple Apple devices! You will contribute to a range of technical compliance programs across the Wallet, Payments and Commerce team. This is a highly technical, hands-on role that requires experience and expertise with delivering security certifications to support. We are looking for someone to drive the certification of new and existing products, working closely with teams across Apple including Security Engineering, Software Engineering, Platform and Infrastructure, Hardware Engineering and external certification bodies and evaluation labs.

- Work closely with legal, compliance, security, engineering and product teams across Apple to gather information, test requirements and resolve any identified issues
- Oversee the efficient and timely delivery of multiple certification programs
- Manage and deliver Common Criteria certification projects for new and existing Apple products
- Translate your technical knowledge and hands-on experience into demonstrations of security controls and user features to external labs
- Draft documentation for security certifications, ensuring that it is accurate and easy to understand for multiple technical and non-technical teams
- Own the interaction between the certifications team and security, business and product leadership as part of the review and approval process
- Chances to work with compliance and privacy teams to expand on your knowledge of financial services regulation
Requirements
- Do you have experience in NIST standards?
- Familiarity with both on-premises and cloud environments, with a solid understanding of their security, operational, and risk implications in digital payment systems and mobile implementations
- Background in IT general controls such as identity and access management, change and configuration management, incident management, threat and vulnerability management, data encryption, asset management, system resilience, etc.; experience in assessing control effectiveness and the capability to provide actionable insights to engineering and management teams for risk reduction/mitigation
- Knowledge of control standards and risk frameworks such as PCI DSS and the NIST 800-series
Minimum Qualifications
- Good knowledge of technical application and security architecture for mobile payments systems and smart cards, including cryptographic protection of associated data
- Hands-on experience delivering the technical aspects of certification programs using Common Criteria or similar security certification schemes; demonstrating and describing the technology supporting security features and reviewing and modifying platform code to test them
- Strong written and verbal communication skills; ability to manage complex projects, working with multiple external and internal partners; working independently across multiple projects simultaneously
- Knowledge of attack ratings and their application, based on the attack potential calculations defined by CEM (Common Methodology for Information Technology Security Evaluation)
- Understanding of the wider FinTech industry, banking and associated regulatory requirements, e.g. PISA, HCE, DMA
- Understanding code, threat modelling and logging configs
- Understanding of Strong Customer Authentication (SCA) requirements as part of PSD2