Offensive Security Engineer, Device Hardware
Amsterdam, Netherlands
Minimum qualifications:
- Bachelor's degree in a technical field or equivalent practical experience.
- Experience developing system software or writing exploit/proof-of-concept code.
- Experience as security engineer or researcher identifying vulnerabilities in device hardware components.
- Security experience in one of the following areas: CPU (ARM, RISC-V) SoC: interconnects, memory management, graphics/GPU, security controllers, crypto. acceleration, virtualization, hardware attacks (fault injection, side-channel attacks like DPA, etc.).
Preferred qualifications:
- Master's degree or PhD in Computer Science with a specialty in security.
- Experience presenting security research at conferences or workshops.
- Experience writing exploits for micro-architectural vulnerabilities on secured devices (e.g., Android, Linux based platforms, etc.).
- Solid applied cryptography fundamentals and experience with product security certifications.
- Ability to assess the effect of security hardening efforts.
- Proficiency with post-silicon security testing or hardware security validation.
About the job
We are part of the Security and Privacy Engineering organization in Google Devices and Services and our goal is to embed and support robust security and privacy practices throughout the product life cycle, ensuring the trustworthiness of the devices, apps, software services, and platforms that Devices and Services teams develop and maintain. This includes popular brands such as Pixel, Nest, and Fitbit.
Our product security team is composed of defensive and offensive security engineers that prevent, detect, and mitigate vulnerabilities across a variety of product lines and services. We collaborate with multiple product development teams on system design, hardening, code analysis, security testing, and other security assurance functions with the goal of minimizing the risk of abuse and increasing the cost of vulnerability exploitation. In addition to our work with other Google groups, we are connected to the security community through our vulnerability rewards programs and conferences.
As an Offensive Security Engineer, you will join our offensive security program for Made-by-Google devices that are powered by Android, GenAI features, and other technologies. The program’s scope is broad and covers system software, SoC, wireless communications, Trusted Execution Environments (TEE), and other subsystems. You will focus on device software security and will contribute to individuals as well as collaborative projects, including security research and red-team exercises, with the goal of discovering and proving product deficiencies at the implementation and design levels. You'll also evaluate the security of fundamental building blocks (first-party and third-party) on existing products and new products.
Responsibilities
- Define and drive offensive security projects involving new device features and critical product subsystems.
- Conduct security research in areas of high security risk, which may involve testing, design analysis, and other activities.
- Find and experimentally demonstrate the exploitability of vulnerabilities.
- Identify novel attack vectors and techniques, and present them to internal and external audiences.
- Contribute to the planning and execution of red-team engagements, propose solutions to security issues, and contribute to the design of mechanisms to mitigate or eliminate the risks.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Android Code analysis Computer Science Crypto Cryptography Exploit Exploits Generative AI Linux Offensive security PhD Privacy Product security SOC Vulnerabilities
Perks/benefits: Conferences Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Systems Security Officer (ISSO) jobs
- Open Information Security Officer jobs
- Open Senior Product Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Information Security Specialist jobs
- Open Product Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Cyber Security Architect jobs
- Open Cybersecurity Analyst jobs
- Open Cyber Security Specialist jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Staff Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cybersecurity Editor jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open IT Security Engineer jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open ISO 27001-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open APIs-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open SaaS-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs