Back to search
Apple Linkedin · Posted yesterday

Offensive Security Researcher - Wireless Security

France

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Summary
Apple's Security Engineering & Architecture organization is responsible for the security of all Apple products. Protecting our users is at the heart of everything we build, and our team takes an offensive approach to that mission by uncovering and fixing vulnerabilities impacting one of the world's most sophisticated ecosystems before adversaries can ever exploit them, all at the scale of more than one billion devices.

Can you make a difference on this scale? Join our extraordinary team of security researchers and help protect all Apple users

Description
We engage in various activities, including vulnerability research, binary exploitation, security tooling development, fuzzing, machine learning, and many more. By developing and harnessing state-of-the-art technologies, we amplify our impact on Apple's product security.

In this role, your primary focus will be on the wireless attack surface of Apple platforms. You will conduct offensive security research across cellular/baseband, Wi-Fi, and Bluetooth stacks, as well as other wireless protocols such as Thread, NFC, and UWB, spanning radio firmware, protocol state machines, and the host software that drives them. These radios are reachable over the air and represent some of the most impactful proximity- and remote-triggerable attack surfaces on our devices. You will work in cross-functional teams alongside other researchers and engineering teams to identify and help eliminate vulnerabilities before they can be exploited. Knowledge of Apple operating systems such as iOS or macOS is a plus, but not required.

This job is for individuals with outstanding technical skills, grit, and a genuine passion for breaking systems — so we can build them stronger.

If this is you, we'd love to hear from you.

In-office roles in Paris, Cupertino, and other locations. Remote considered for experienced candidates.

Minimum Qualifications

  • Proven experience in vulnerability research targeting wireless technologies such as cellular/baseband, Wi-Fi, or Bluetooth
  • Strong understanding of vulnerability classes and exploitation techniques relevant to wireless protocol stacks and radio firmware, such as memory corruption, parsing and state-machine flaws, cryptographic and authentication weaknesses, and protocol downgrade or logic attacks
  • Ability to apply AI techniques and tools, such as LLMs or Machine Learning, for security research activities

Preferred Qualifications
  • Deep knowledge of cellular technologies and 3GPP standards (2G/3G/4G/5G), baseband processors, and modem firmware internals
  • Experience analyzing protocol stacks, including their firmware, host-controller interfaces, and over-the-air protocol behaviour of wireless technologies like Wi-Fi (802.11) and Bluetooth/BLE or other short-range protocols like Thread, NFC, or UWB
  • Familiarity with binary reverse-engineering using tools like IDA and Ghidra, as well as the practical RF and over-the-air toolset, such as software-defined radio (SDR) and other equipment for capturing and injecting wireless signals

At Apple, we're not all the same. And that's our greatest strength. We draw on the differences in who we are, what we've experienced, and how we think. Because to create products that serve everyone, we believe in including everyone. Therefore, we are committed to treating all applicants fairly and equally. We will work with applicants to make any reasonable accommodations.

At Apple, we believe accessibility is a fundamental human right. You’ll find that idea reflected in everything here — in our culture, our benefits and our digital tools. By welcoming as many perspectives as possible, we help you build a career where you feel like you belong.

Learn about accessibility in Apple’s workplace

Role Number: 200671326-2911

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent