Explore Career Opportunities with GSV’s world-class sponsor partners


Senior Security Engineer, Devices and Services



New York, NY, USA
Posted on Thursday, May 25, 2023

Note: Google’s hybrid workplace includes remote and in-office roles. By applying to this position you will have an opportunity to share your preferred working location from the following:

In-office locations: New York, NY, USA; Austin, TX, USA; Kirkland, WA, USA; Mountain View, CA, USA.
Remote location(s): United States.


Minimum qualifications:

  • Bachelor's degree in Computer Science, Cybersecurity, a related technical field, or equivalent practical experience.
  • 3 years of experience in driving security reviews, audits, or testing.
  • 2 years of experience in offensive security.

Preferred qualifications:

  • Experience in one or more of the following languages: C, C++, Java, Javascript.
  • Knowledge of security engineering, computer and network security, authentication, security protocols and applied cryptography.
  • Understanding of security and privacy issues and countermeasures in the software services and applications space.
  • Excellent people management and communication skills.

About the job

Google's Devices and Services Security Engineering team is hiring a Security Engineer to focus on Vulnerability Research and Automation.

Our team ensures that Google business units like Pixel, Nest, Fitbit, and Virtual Reality, develop and maintain trustworthy products. We drive the security development lifecycle of a number of technologies, including new services, apps and products, from design to launch, and do so in collaboration with many teams, including hardware, software, site reliability engineering, and privacy. Our engineers also support programs like Offensive Security and Research, Vulnerability Management, Analysis and Testing Automation, Reviews, Technical Consultations, and Vulnerability Rewards, allowing us to directly protect Google users by shipping technologies that are designed and implemented with security in mind.

Identifying and driving resolution to security issues in a deep and broad product stack requires strong technical security expertise and the ability to work with partner teams to continuously reduce security risk. This is an opportunity to contribute to our vulnerability research program that covers a number of technologies developed by Google and by our industry partners, and to contribute to the automation of our vulnerability identification and analysis functions. Our goal is to identify novel threats and attack vectors before others do, in a way that allows us to proactively raise the security bar.

In this role, you will use and develop experimental methods and tools to uncover security vulnerabilities at the device, hardware, firmware and system software levels. You will prove the exploitation of highly-complex vulnerabilities, assess the likelihood of a compromise, leverage fuzz testing, or other techniques to accelerate and expand our team’s vulnerability finding operations.
The US base salary range for this full-time position is $157,000-$235,000 + bonus + equity + benefits. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.
Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits. Learn more about benefits at Google.


  • Propose and lead penetration testing plans and offensive security exercises for different components of the product stack. Prove and document the exploitation of high-complexity security issues.
  • Design controls and improvements to sharpen our capabilities to defend against attackers in close cooperation with the teams responsible for implementing them.
  • Document and present results to a variety of target audiences, ranging from highly technical engineers over non-technical subject matter experts to executive leadership.
  • Perform technical security assessments, code audits, design reviews, and Red team exercises.
  • Contribute to the development of tools and automation programs, security analysis and testing automation projects.

Information collected and processed as part of your Google Careers profile, and any job applications you choose to submit is subject to Google's Applicant and Candidate Privacy Policy.

To all recruitment agencies: Google does not accept agency resumes. Please do not forward resumes to our jobs alias, Google employees or any other organization location. Google is not responsible for any fees related to unsolicited resumes.

At Google, we’re committed to building a workforce that is more representative of the users we serve and creating a culture where everyone feels like they belong. To learn more about our diversity, equity, inclusion commitments and how we’re building belonging, please visit our Belonging page for more information.

We welcome and encourage people who are expecting and/or parents-to-be to apply to this or any other role at Google.

Google is a global company and, in order to facilitate efficient collaboration and communication globally, English proficiency is a requirement for all roles.