Offensive Security Researcher - Wireless Security
Indexed description
Apple's Security Engineering & Architecture organization is responsible for the security of all Apple products. Protecting our users is at the heart of everything we build, and our team takes an offensive approach to that mission by uncovering and fixing vulnerabilities impacting one of the world's most sophisticated ecosystems before adversaries can ever exploit them, all at the scale of more than one billion devices.
Can you make a difference on this scale? Join our extraordinary team of security researchers and help protect all Apple users
Description
We engage in various activities, including vulnerability research, binary exploitation, security tooling development, fuzzing, machine learning, and many more. By developing and harnessing state-of-the-art technologies, we amplify our impact on Apple's product security.
In this role, your primary focus will be on the wireless attack surface of Apple platforms. You will conduct offensive security research across cellular/baseband, Wi-Fi, and Bluetooth stacks, as well as other wireless protocols such as Thread, NFC, and UWB, spanning radio firmware, protocol state machines, and the host software that drives them. These radios are reachable over the air and represent some of the most impactful proximity- and remote-triggerable attack surfaces on our devices. You will work in cross-functional teams alongside other researchers and engineering teams to identify and help eliminate vulnerabilities before they can be exploited. Knowledge of Apple operating systems such as iOS or macOS is a plus, but not required.
This job is for individuals with outstanding technical skills, grit, and a genuine passion for breaking systems — so we can build them stronger.
If this is you, we'd love to hear from you.
In-office roles in Paris, Cupertino, and other locations. Remote considered for experienced candidates.
Minimum Qualifications
- Proven experience in vulnerability research targeting wireless technologies such as cellular/baseband, Wi-Fi, or Bluetooth
- Strong understanding of vulnerability classes and exploitation techniques relevant to wireless protocol stacks and radio firmware, such as memory corruption, parsing and state-machine flaws, cryptographic and authentication weaknesses, and protocol downgrade or logic attacks
- Ability to apply AI techniques and tools, such as LLMs or Machine Learning, for security research activities
- Deep knowledge of cellular technologies and 3GPP standards (2G/3G/4G/5G), baseband processors, and modem firmware internals
- Experience analyzing protocol stacks, including their firmware, host-controller interfaces, and over-the-air protocol behaviour of wireless technologies like Wi-Fi (802.11) and Bluetooth/BLE or other short-range protocols like Thread, NFC, or UWB
- Familiarity with binary reverse-engineering using tools like IDA and Ghidra, as well as the practical RF and over-the-air toolset, such as software-defined radio (SDR) and other equipment for capturing and injecting wireless signals
At Apple, we believe accessibility is a fundamental human right. You’ll find that idea reflected in everything here — in our culture, our benefits and our digital tools. By welcoming as many perspectives as possible, we help you build a career where you feel like you belong.
Learn about accessibility in Apple’s workplace
Role Number: 200671326-2911
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search