In-office locations: Raleigh, NC, USA; Durham, NC, USA.
Remote location(s): North Carolina, USA.
Minimum qualifications:
- 7 years of technical experience in cryptographic security, including work in PKI, protocols, encryption, or authorization.
- 7 years of technical experience working in one or more of the following areas: cloud security research, network security, intrusion detection systems, and/or threat intelligence.
Preferred qualifications:
- 7 years of relevant work experience in the product security, cloud integration, enterprise products, or related product domains.
About the job
Product Security Assurance is the team within the Google Cloud CISO organization responsible for helping ensure every product Google Cloud ships is as secure as it can be and increasing the assurance levels of security in the infrastructure underlying all our products. This team will also focus on increasing the capabilities of each product team to develop more secure products by design and by default, from patterns, tools and frameworks, to increasing the skill level of embedded security leads. As a Staff Security Engineer you will help to ensure that our software and systems are designed and implemented to the highest security standards. You will perform technical security assessments, code reviews, and vulnerability testing to highlight risk, helping Google teams and partners to improve security, and work on a wide variety of software designs and technology stacks.
You will have the opportunity to help set the direction for product security in Google Cloud and partner with amazing existing teams across Google. These include existing security teams, privacy teams, and engineering teams. You will help set the focus, direction, and impact of this organization with regards to product security. There is an exciting mix of work to be accomplished across multiple security domains. A few examples are: security reviews, security education, web application scanning and testing, vulnerability research, and security data analysis all with the goal of highlighting and driving down risk.
Responsibilities
- Perform security reviews, research and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers.
- Review and develop secure operational practices, and provide security guidance for engineers and support staff.
- Review designs and look for vulnerabilities, both with one-time reviews and longer term engagements.
- Look for vulnerabilities with techniques including reverse engineering, fuzzing, and static analysis.
- Focus on the security strategy for Google Cloud.
Google is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Google’s EEO Policy and EEO is the Law. If you have a disability or special need that requires accommodation, please let us know by completing our Accommodations for Applicants form.