Security Engineer, Vulnerability Detection

Minimum qualifications:

• Bachelor's degree in a technical field (e.g., Cyber Security, Computer Science) or equivalent practical experience
  
• Experience in C/C++ source code security analysis
  
• Experience coding in one or more coding languages (e.g., Java, Python, Go)
  
• Experience working in device, OS, or embedded system security domain
  

Preferred qualifications:

• Experience with fuzz testing or other forms of dynamic code analysis
  
• Experience with mobile devices, IoT devices, or servers
  
• Experience with the use or development of commercial, open-source code analysis tools, or security tools
  
• Good understanding of Linux security and internals
  
• Solid computer security fundamentals
  

About the job

There's no such thing as a "safe system" - only safer systems. Our Security team works to create and maintain the safest operating environment for Google's users and developers. As a Security Engineer, you help protect network boundaries, keep computer systems and network devices hardened against attacks and provide security services to protect highly sensitive data like passwords and customer information. Security Engineers work directly with network equipment and actively monitor our systems for attacks and intrusions. You also work with software engineers to proactively identify and fix security flaws and vulnerabilities.

You identify solutions for common security problems while participating in security reviews/audits and execute single-component or small multi-component project with little to no direction.

We are the Security and Privacy engineering team within Google's Devices and Services product area. Our mission is to embed and support robust security and privacy practices throughout the product lifecycle, ensuring the trustworthiness of all devices, apps, and software services that we release and maintain. This includes popular brands such as Pixel, Nest, and Fitbit.

As a Vulnerability Detection Security Engineer, you will identify security issues across system software technologies such as kernels, drivers, device firmware, and debug/network interfaces. You will implement fuzzing and testing harnesses to uncover integrity and confidentiality issues on both live and emulated systems. You will contribute to vulnerability severity assessments to validate the findings and determine how to best address their risk. Additionally, you will be part of other software security initiatives (e.g., formal verification and static analysis) to maximize tooling coverage of security related code.

Google's mission is to organize the world's information and make it universally accessible and useful. Our Devices & Services team combines the best of Google AI, Software, and Hardware to create radically helpful experiences for users. We research, design, and develop new technologies and hardware to make our user's interaction with computing faster, seamless, and more powerful. Whether finding new ways to capture and sense the world around us, advancing form factors, or improving interaction methods, the Devices & Services team is making people's lives better through technology.

Responsibilities

• Develop fuzzers using existing frameworks and infrastructure or adopting new technologies.
  
• Execute fuzz testing projects and assess the severity and exploitability of the findings to report the vulnerabilities that need to be remediated.
  
• Contribute to code reviews for new product components and features.
  
• Work with other security engineers on the analysis of, and response to vulnerabilities reported by other parties, internal and external.