Senior Security Engineer, Devices and Services
Note: Google’s hybrid workplace includes remote and in-office roles. By applying to this position you will have an opportunity to share your preferred working location from the following:
In-office locations: New York, NY, USA; Austin, TX, USA; Kirkland, WA, USA; Mountain View, CA, USA.
Remote location(s): United States.
- Bachelor's degree in Computer Science, Cybersecurity, a related technical field, or equivalent practical experience.
- 3 years of experience in driving security reviews, audits, or testing.
- 2 years of experience in offensive security.
- Knowledge of security engineering, computer and network security, authentication, security protocols and applied cryptography.
- Understanding of security and privacy issues and countermeasures in the software services and applications space.
- Excellent people management and communication skills.
About the job
Google's Devices and Services Security Engineering team is hiring a Security Engineer to focus on Vulnerability Research and Automation.
Our team ensures that Google business units like Pixel, Nest, Fitbit, and Virtual Reality, develop and maintain trustworthy products. We drive the security development lifecycle of a number of technologies, including new services, apps and products, from design to launch, and do so in collaboration with many teams, including hardware, software, site reliability engineering, and privacy. Our engineers also support programs like Offensive Security and Research, Vulnerability Management, Analysis and Testing Automation, Reviews, Technical Consultations, and Vulnerability Rewards, allowing us to directly protect Google users by shipping technologies that are designed and implemented with security in mind.
Identifying and driving resolution to security issues in a deep and broad product stack requires strong technical security expertise and the ability to work with partner teams to continuously reduce security risk. This is an opportunity to contribute to our vulnerability research program that covers a number of technologies developed by Google and by our industry partners, and to contribute to the automation of our vulnerability identification and analysis functions. Our goal is to identify novel threats and attack vectors before others do, in a way that allows us to proactively raise the security bar.In this role, you will use and develop experimental methods and tools to uncover security vulnerabilities at the device, hardware, firmware and system software levels. You will prove the exploitation of highly-complex vulnerabilities, assess the likelihood of a compromise, leverage fuzz testing, or other techniques to accelerate and expand our team’s vulnerability finding operations.
- Propose and lead penetration testing plans and offensive security exercises for different components of the product stack. Prove and document the exploitation of high-complexity security issues.
- Design controls and improvements to sharpen our capabilities to defend against attackers in close cooperation with the teams responsible for implementing them.
- Document and present results to a variety of target audiences, ranging from highly technical engineers over non-technical subject matter experts to executive leadership.
- Perform technical security assessments, code audits, design reviews, and Red team exercises.
- Contribute to the development of tools and automation programs, security analysis and testing automation projects.
To all recruitment agencies: Google does not accept agency resumes. Please do not forward resumes to our jobs alias, Google employees or any other organization location. Google is not responsible for any fees related to unsolicited resumes.
At Google, we’re committed to building a workforce that is more representative of the users we serve and creating a culture where everyone feels like they belong. To learn more about our diversity, equity, inclusion commitments and how we’re building belonging, please visit our Belonging page for more information.
We welcome and encourage people who are expecting and/or parents-to-be to apply to this or any other role at Google.
Google is a global company and, in order to facilitate efficient collaboration and communication globally, English proficiency is a requirement for all roles.
Something looks off?