Security Engineer, Cloud Vulnerability Research

Minimum qualifications:

• Bachelor's degree in Computer Science or equivalent practical experience.
  
• 4 years of experience in application-level vulnerability testing and code-level security auditing.
• Experience in security assessment and security analysis.
  

Preferred qualifications:

• Experience finding and exploiting high severity vulnerabilities.
  
• Knowledge of Google Cloud.
  
• Ability to work independently.
  
• Excellent written and verbal communication skills.
  
• Offensive security and vulnerability research background
  

About the job

Our Security team works to create and maintain the safest operating environment for Google's users and developers. Security Engineers work with network equipment and actively monitor our systems for attacks and intrusions. In this role, you will also work with software engineers to proactively identify and fix security flaws and vulnerabilities.

Information Security Engineers at Google drive two goals: to find and prevent security vulnerabilities in new and existing products; and, more importantly, to promote good design and implementation practices that mitigate or prevent vulnerability classes.

Within PSE, we apply the goals towards Google Cloud Platform (GCP) products and its infrastructure. We do vulnerability research to find security issues and deep-dive on exploitability. We consult with launching teams and ensure they don't launch with security flaws, thus boosting product excellence and user trust in our products. We work closely with GCP leads to proactively map out hazards based on product roadmaps. We evaluate high-level product design considerations that transcend any individual launch. Using security engineering practices, we remediate vulnerability classes, systemic patterns and ensure that GCP is secure-by-default. We apply this work to the full GCP stack, from supply-chain and open-source, over virtualization layers and low-level OS internals, towards high-level APIs and configurations.

In this role, you will focus on vulnerability research, exploration of security risk, and the identification of unknown bugs. A typical project identifies an under-explored area or emerging threat, locates related work, and conducts research to gain an improved understanding of the insecurity of a product, infrastructure or technology. You will also communicate results and influence the remediation of the issue.

Google Cloud accelerates every organization's ability to digitally transform its business and industry. We deliver enterprise-grade solutions that leverage Google's cutting-edge technology, and tools that help developers build more sustainably. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.

Responsibilities

• Identify security issues and implement and design security controls, tools, and services to improve security systems and processes.
  
• Technical deep-dives into various Cloud-related products, tech stacks, and infrastructure.
  
• Find and exploit vulnerabilities, create tools to analyze products and systems at scale, and communicate results to influence remediation, hardening, or security roadmaps/strategies of product teams.