Offensive Security Engineer, Device Hardware

Minimum qualifications:

• Bachelor's degree in a technical field or equivalent practical experience.
  
• Experience developing system software or writing exploit/proof-of-concept code.
  
• Experience as security engineer or researcher identifying vulnerabilities in device hardware components.
  
• Security experience in one of the following areas: CPU (ARM, RISC-V) SoC: interconnects, memory management, graphics/GPU, security controllers, crypto. acceleration, virtualization, hardware attacks (fault injection, side-channel attacks like DPA, etc.).
  

Preferred qualifications:

• Master's degree or PhD in Computer Science with a specialty in security.
  
• Experience presenting security research at conferences or workshops.
  
• Experience writing exploits for micro-architectural vulnerabilities on secured devices (e.g., Android, Linux based platforms, etc.).
  
• Solid applied cryptography fundamentals and experience with product security certifications.
  
• Ability to assess the effect of security hardening efforts.
  
• Proficiency with post-silicon security testing or hardware security validation.
  

About the job

We are part of the Security and Privacy Engineering organization in Google Devices and Services and our goal is to embed and support robust security and privacy practices throughout the product life cycle, ensuring the trustworthiness of the devices, apps, software services, and platforms that Devices and Services teams develop and maintain. This includes popular brands such as Pixel, Nest, and Fitbit.

Our product security team is composed of defensive and offensive security engineers that prevent, detect, and mitigate vulnerabilities across a variety of product lines and services. We collaborate with multiple product development teams on system design, hardening, code analysis, security testing, and other security assurance functions with the goal of minimizing the risk of abuse and increasing the cost of vulnerability exploitation. In addition to our work with other Google groups, we are connected to the security community through our vulnerability rewards programs and conferences.

As an Offensive Security Engineer, you will join our offensive security program for Made-by-Google devices that are powered by Android, GenAI features, and other technologies. The program’s scope is broad and covers system software, SoC, wireless communications, Trusted Execution Environments (TEE), and other subsystems. You will focus on device software security and will contribute to individuals as well as collaborative projects, including security research and red-team exercises, with the goal of discovering and proving product deficiencies at the implementation and design levels. You'll also evaluate the security of fundamental building blocks (first-party and third-party) on existing products and new products.

Responsibilities

• Define and drive offensive security projects involving new device features and critical product subsystems.
  
• Conduct security research in areas of high security risk, which may involve testing, design analysis, and other activities.
  
• Find and experimentally demonstrate the exploitability of vulnerabilities.
  
• Identify novel attack vectors and techniques, and present them to internal and external audiences.
  
• Contribute to the planning and execution of red-team engagements, propose solutions to security issues, and contribute to the design of mechanisms to mitigate or eliminate the risks.