Information Security Engineer, Secure by Default, Google Cloud

Note: Google’s hybrid workplace includes remote roles. By applying to this position you will have an opportunity to share your preferred working location from the following:

Remote locations: Spain; France; Italy; Netherlands; Poland; Sweden.

Minimum qualifications:

• Bachelor's degree in Computer Science, a related technical field, or equivalent practical experience.
• Experience in application-level vulnerability testing and code-level security auditing.

Preferred qualifications:

• Master's degree in Computer Science or a related technical field.
• Experience working in web application security.
• Experience in software development (e.g., C++, Java, etc.).
• Knowledge of security engineering, computer/network security, authentication, security protocols, and applied cryptography.
• Excellent communication skills.

About the job

In this role, you will conduct vulnerability research to find security issues and thoroughly search out exploitability. You will consult with launching teams and ensure they don’t launch without proper security reviews, thus boosting product excellence and user trust in our products. You will work closely with Google Cloud Platform (GCP) leads to proactively map out security considerations based on product road maps, and evaluate high-level product design considerations that transcend any individual launch. Using security engineering practices, you will remediate vulnerability classes, systemic patterns, and ensure that GCP is secure-by-default. You will apply this work to the full GCP stack, from supply chain and open source software, over virtualization layers and low-level OS internals, towards high-level APIs and configurations. In this role, you will identify risks, investigate engineering options with affected teams, and apply software engineering to mitigate or prevent future similar vulnerabilities from occurring.

Responsibilities

• Identify and engineer technical solutions to work towards a secure-by-default GCP by switching towards a defensive mindset.
• Perform technical security assessments, code audits, and design reviews on GCP products and underlying technologies using an offensive mindset.
• Communicate and influence Product teams on assessment outcomes (e.g., isolation/sandboxing, least privilege principle, defense in depth, memory corruption, cross-site scripting, authorization/authentication, injection).
• Conduct independent vulnerability research with an exploratory mindset to identify novel attack vectors against GCP products and services.
• Utilize deep understanding in software engineering and its processes to advocate for secure engineering practices throughout Google.

Google is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also and If you have a disability or special need that requires accommodation, please let us know by completing our .

Fecha de publicación: 12/05/2022