RT @radian: 🔺New on Apple Security Research blog: a deeply comprehensive Private Cloud Compute security guide, and an unprecedented Virtual….

This is an in-person role based in Cupertino, California.

If using Swift to improve the security of performance critical software like parsers and codecs sounds like your dream job, and you’re excited to do that on a team that values collaboration and teamwork, please get in touch!.

Our focus is on significant and durable security improvements. We aren’t fixing individual bugs; we’re making deep changes to fix whole classes of bugs. Swift is one of the key tools we use to eliminate memory safety bug classes.

My team does hands on work across Apple’s OSes to improve the security of our software. You can think of us as a nimble tiger team that takes on and solves some of our biggest security challenges.

Are you excited to use the power of safe modern programming languages like Swift to make software more secure? My SPEAR team at Apple is hiring a Swift Software Engineer to do exactly that!

RT @radian: 🔺New on the Apple Security Research blog: introducing PQ3, a groundbreaking post-quantum cryptographic protocol for iMessage. T….

RT @radian: 🔺New on the Apple Security Research blog: a brief technical overview of iMessage Contact Key Verification! .

RT @kubamracek: Embedded Swift -- a vision for a new compilation mode of Swift with first class support for embedded/low-level environment….

RT @davidecci: Today at WWDC we introduced a new static linker. It is a ground-up rewrite that’s up to 5x faster than ld64. The new linker….

RT @radian: 🔺New on the Apple Security Research blog: we pit our hardened kalloc_type XNU allocator against SockPuppet, a powerful vulnerab….

RT @Embecosm: Fascinating keynote by Yeoul Na of @Apple at #euroLLVM 2023 on adding bounds checking for C in @llvmorg . Lots of real world….

If you’re a low-level software engineer who wants to help take software security to the next level, I would love to talk to you about joining our team:

Many of us started our careers with a focus outside security. We discovered how important and rewarding it is to secure our user’s devices, learned from some of the most collaborative and talented security engineers in the industry, and shipped massive security improvements.

Swift in embedded environments, such as the Secure Enclave:

Automatic variable initialization, making uninitialized variable bugs nearly impossible to exploit:

A comprehensive bounds safety solution for C, shipping in production software!

The the kalloc_type hardened allocator, which makes it inherently unreliable to exploit use after free and other lifetime safety issues in the kernel.

You’ll get the opportunity to work with folks who’ve designed and deployed some of the most impactful security improvements in the industry. These include:.

Our team isn’t trying to patch bugs one by one. We’re working on fixing or mitigating whole classes of vulnerabilities, securing entire codebases, and removing large chunks of attack surface.