Senior Security Engineer, Vulnerability Detection
Warsaw, Poland
Minimum qualifications:
- Bachelor's degree in a technical field or equivalent practical experience.
- Experience in Vulnerability Detection.
- Experience in device, OS, or embedded system security.
- Experience in C/C++ source code security analysis.
Preferred qualifications:
- Experience with fuzz testing or other forms of dynamic code analysis.
- Experience with mobile devices, IoT devices, or servers.
- Experience with the use or development of commercial or open-source code analysis tools or security tools.
- Understanding of Linux security and internals.
- Knowledge of computer security fundamentals.
About the job
We are the Security and Privacy engineering team within Google's Devices and Services product area. Our mission is to embed and support robust security and privacy practices throughout the product lifecycle, ensuring the trustworthiness of all devices, apps, and software services that we release and maintain. This includes popular brands such as Pixel, Nest, and Fitbit.
We are behind the security assurance programs that prevent, detect, and mitigate vulnerabilities across a variety of products and services. We collaborate directly with the product development teams to remediate security issues through design improvements, system hardening, source code fixes, and configuration changes, all with the goal of minimizing risk and increasing the cost of exploitation. The team encompasses blue-team and red-team functions, benefiting from connections and support across Google.As a Vulnerability Detection Senior Security Engineer, you will lead the identification of security issues across system software technologies such as kernels, drivers, device firmware, and debug/network interfaces. You will design and implement fuzzing and testing harnesses to uncover integrity and confidentiality issues on both live and emulated systems. Our team receives vulnerability reports from internal and external sources. You will contribute to vulnerability severity assessments to validate the findings and determine how to best address their risk. Additionally, you will be part of other software security initiatives (e.g., formal verification and static analysis) to maximize tooling coverage of security related code.
Google's mission is to organize the world's information and make it universally accessible and useful. Our Devices & Services team combines the best of Google AI, Software, and Hardware to create radically helpful experiences for users. We research, design, and develop new technologies and hardware to make our user's interaction with computing faster, seamless, and more powerful. Whether finding new ways to capture and sense the world around us, advancing form factors, or improving interaction methods, the Devices & Services team is making people's lives better through technology.
We are behind the security assurance programs that prevent, detect, and mitigate vulnerabilities across a variety of products and services. We collaborate directly with the product development teams to remediate security issues through design improvements, system hardening, source code fixes, and configuration changes, all with the goal of minimizing risk and increasing the cost of exploitation. The team encompasses blue-team and red-team functions, benefiting from connections and support across Google.As a Vulnerability Detection Senior Security Engineer, you will lead the identification of security issues across system software technologies such as kernels, drivers, device firmware, and debug/network interfaces. You will design and implement fuzzing and testing harnesses to uncover integrity and confidentiality issues on both live and emulated systems. Our team receives vulnerability reports from internal and external sources. You will contribute to vulnerability severity assessments to validate the findings and determine how to best address their risk. Additionally, you will be part of other software security initiatives (e.g., formal verification and static analysis) to maximize tooling coverage of security related code.
As a Vulnerability Detection Senior Security Engineer, you will lead the identification of security issues across system software technologies such as kernels, drivers, device firmware, and debug/network interfaces. You will design and implement fuzzing and testing harnesses to uncover integrity and confidentiality issues on both live and emulated systems. Our team receives vulnerability reports from internal and external sources. You will contribute to vulnerability severity assessments to validate the findings and determine how to best address their risk. Additionally, you will be part of other software security initiatives (e.g., formal verification and static analysis) to maximize tooling coverage of security related code.
Responsibilities
- Conduct code reviews for new product components and features, and identify and prioritize goals of evaluation for fuzz testing.
- Design and develop fuzzers using existing frameworks and infrastructure, or adopting new technologies.
- Plan and execute fuzz testing projects and assess the severity and exploitability of the findings to report the vulnerabilities that need to be remediated.
- Work with other security engineers on the analysis of, and response to vulnerabilities reported to us by other parties and contribute technical leadership to coordinate and develop team members.
- Drive the adoption of fuzz testing and other security practices within Product Engineering teams in the organization.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: C Code analysis Linux Privacy Security analysis Vulnerabilities
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Architect jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cybersecurity Analyst jobs
- Open Staff Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Analyst jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Cybersecurity Specialist jobs
- Open IT Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open SaaS-related jobs
- Open Security assessment-related jobs
- Open APIs-related jobs
- Open Malware-related jobs
- Open Forensics-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open CEH-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs