Information Security Engineer, iOS, YouTube

Minimum qualifications:

• Bachelor's degree in Computer Science, a related technical field, or equivalent practical experience.
  
• 8 years of experience in software development and with data structures/algorithms.
  
• 7 years of experience in application-level vulnerability testing and code-level security auditing.
  
• 5 years of experience testing, and launching software products, and 3 years of experience with software design and architecture.
  
• Experience with software development in one or more programming languages (e.g., Python, Go, C, C++, Java, JavaScript).
  

Preferred qualifications:

• Experience in iOS mobile application development.
  
• Experience in implementing sandboxing infrastructure or low-level system features.
  
• Knowledge of programming languages, compilers, static and dynamic analysis techniques.
  

About the job

Our Security team works to create and maintain the safest operating environment for Google's users and developers. Security Engineers work with network equipment and actively monitor our systems for attacks and intrusions. In this role, you will also work with software engineers to proactively identify and fix security flaws and vulnerabilities.

YouTube owns one of the most popular mobile apps in the world, with billions of users, and has an equally large amount of responsibility to our users. One of those responsibilities is making sure to keep our users safe, and so we have decided to form a new Security team for YouTube native apps, tasked with making sure we have the highest levels of security built into our apps.

In this role, you will work closely with Google Independent Security Evaluators (ISEs), in the federated security team model. You will work on mobile security and advise on potential and active security issues. The scope are all 14 Android and iOS apps including YouTube Main, Creator Studio, Kids, YouTube TV, Producer, and our Embed SDK.

At YouTube, we believe that everyone deserves to have a voice, and that the world is a better place when we listen, share, and build community through our stories. We work together to give everyone the power to share their story, explore what they love, and connect with one another in the process. Working at the intersection of cutting-edge technology and boundless creativity, we move at the speed of culture with a shared goal to show people the world. We explore new ideas, solve real problems, and have fun — and we do it all together.

The US base salary range for this full-time position is $189,000-$284,000 + bonus + equity + benefits. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.

Please note that the compensation details listed in US role postings reflect the base salary only, and do not include bonus, equity, or benefits. Learn more about benefits at Google.

In this role, you will work closely with Google Independent Security Evaluators (ISEs), in the federated security team model. You will work on mobile security and advise on potential and active security issues. The scope are all 14 Android and iOS apps including YouTube Main, Creator Studio, Kids, YouTube TV, Producer, and our Embed SDK.

Responsibilities

• Identify security issues, implement and design security controls, tools, and services to improve security systems and processes.
  
• Perform iOS security reviews, research and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers.
  
• Review and develop secure operational practices, and provide security guidance for engineers and support staff.
  
• Focus on the overall security strategy for YouTube native apps.
• Look for vulnerabilities with techniques including reverse engineering, fuzzing, and static analysis.
  

Focus on the overall security strategy for YouTube native apps.