Senior Information Security Engineer, Product Security Engineering
About The Position
There's no such thing as a "safe system" - only safer systems. Our Security team works to create and maintain the safest operating environment for Google's users and developers. As a Security Engineer, you help protect network boundaries, keep computer systems and network devices hardened against attacks and provide security services to protect highly sensitive data like passwords and customer information. Security Engineers work directly with network equipment and actively monitor our systems for attacks and intrusions. You also work with software engineers to proactively identify and fix security flaws and vulnerabilities. You use your industry experience to own and drive the resolution of complex security incidents, policy questions and technical security issues. In this role, you will help set the focus, direction and impact of this organization with regards to product security. There is an exciting mix of work to be accomplished across multiple security domains. A few examples are: security reviews, security education, web application scanning and testing, vulnerability research and security data analysis all with the goal of highlighting and driving down risk. Google Cloud accelerates every organization’s ability to digitally transform its business and industry. We deliver enterprise-grade solutions that leverage Google’s cutting-edge technology, and tools that help developers build more sustainably. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.
Requirements
- Bachelor's degree or equivalent practical experience.
- 5 years of experience with security engineering, computer and network security and security protocols.
- 5 years of experience with security assessments or security design reviews or threat modeling.
- 5 years of coding experience in one or more general purpose languages.
- 1 year of experience leading teams in a technical capacity or leading technical risk analysis in an enterprise environment.
- Coding experience in one or more general purpose languages.
Nice To Haves
- Experience identifying and mitigating network security risks using threat modeling and other risk identification techniques.
- Experience in applications security, cryptography, network security or systems security.
- Experience with C++ dynamic analysis and static code analysis.
- Expertise in in security assessments, vulnerability management and security research.
Responsibilities
- Identify security issues and implement and design security controls, tools, and services to improve security systems and processes.
- Perform security reviews, research and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers. Look for vulnerabilities with techniques including reverse engineering, fuzzing, and static analysis
- Review and develop secure operational practices, and provide security guidance for engineers and support staff. Review designs and drive towards defense in depth and security by default, both with one-time reviews and longer term engagements
- Respond to vulnerabilities with repros, variant analysis, mitigations, and hardening. Focus on the security strategy for Google Cloud.
Benefits
- 15% bonus target
- bonus
- equity
- benefits
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
