Security Engineer III, Product Security

Minimum qualifications:

• Bachelor's degree in Computer Science, related discipline, or equivalent practical experience
  
• 5 years of experience in the Security field
  
• Experience with Hardware System Architecture
  
• Experience with Firmware
  
• Experience in a Reverse Engineering role
  

Preferred qualifications:

• Experience with hardware or firmware security
  
• Understanding of both offensive and defensive security methods
  
• Excellent communication and documentation skills
  
• Proven track record influencing others without authority (especially external parties)
  

About the job

Our Security team works to create and maintain the safest operating environment for Google's users and developers. Security Engineers work with network equipment and actively monitor our systems for attacks and intrusions. In this role, you will also work with software engineers to proactively identify and fix security flaws and vulnerabilities.

The Product Security team is within the Cloud CISO organization and is responsible for helping ensure every product Cloud ships is as secure as it can be, and for increasing the assurance levels of security in the infrastructure underlying all Cloud products (which includes hardware/firmware).

The OTH-Hardware team within PSE specializes on the hardware underpinning Cloud products. The OTS-HS team has the ambitious strategic mission to protect the world's devices against all hardware and firmware security threats.

The OTS Hardware Security team focuses on securing the off-the-shelf hardware/firmware used by Cloud products. We work with a wide range of other external vendors, internal teams, and industry bodies to protect devices against all hardware and firmware security threats.

OTS Hardware Security team cares deeply about protecting the hardware/firmware used by Google Cloud products so that the upper layers of the stack can consider it trustworthy.

Google Cloud accelerates every organization’s ability to digitally transform its business and industry. We deliver enterprise-grade solutions that leverage Google’s cutting-edge technology, and tools that help developers build more sustainably. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.

The Product Security team is within the Cloud CISO organization and is responsible for helping ensure every product Cloud ships is as secure as it can be, and for increasing the assurance levels of security in the infrastructure underlying all Cloud products (which includes hardware/firmware).

The OTH-Hardware team within PSE specializes on the hardware underpinning Cloud products. The OTS-HS team has the ambitious strategic mission to protect the world's devices against all hardware and firmware security threats.

The OTS Hardware Security team focuses on securing the off-the-shelf hardware/firmware used by Cloud products. We work with a wide range of other external vendors, internal teams, and industry bodies to protect devices against all hardware and firmware security threats.

OTS Hardware Security team cares deeply about protecting the hardware/firmware used by Google Cloud products so that the upper layers of the stack can consider it trustworthy.

Responsibilities

• Scope out and identify business critical hardware/firmware devices within Cloud for team review. Perform in-depth and holistic hardware and firmware security review of critical business devices (e.g., HSMs, Servers, Switches, SSDs).
  
• Write detailed threat models and reports to support and augment reviews. Present the risk findings and risk mitigation recommendations to technical and organizational leadership across different organizations.
  
• Inform vendors of the hardware and firmware vulnerabilities found in their devices. Partner with vendor and internal teams in order to effectively mitigate identified risks.
  
• Partner with device vendors to advocate for necessary design changes to hardware and firmware. Design changes due to risk findings both internally and to the vendor.
  
• Collaborate closely with team members to come up with new attack scenarios, mitigation, vendor collaboration strategies, and to ensure consistency in team approach and methodology.