Senior Security Engineer

Verily is an Alphabet company combining a data-driven, people-first approach to bring the promise of precision health to everyone, every day.

Our team combines expertise in healthcare, data science and technology to improve the health and well-being of our communities. We are developing the infrastructure and solutions to harness the profusion of health information for good. Our data-driven solutions span three primary areas: research, care and innovation. Programs include Project Baseline - our research initiative to increase participation and evidence generation in clinical research; Onduo - our personalized virtual care platform, which includes connected tools, lifestyle coaching and clinical support; and Debug - our effort to reduce the threat of mosquito-borne diseases by combining machine learning with sterile insect technique. We’re also actively working to combat the spread of COVID-19 through new programs like Healthy at Work. 

Description

Our security team focuses on securing the design and development of medical information platforms and medical devices created by Verily and Verily partners. Verily security has multiple internal and external customers across a number of health-related projects, spread across google3, GCP, and fully external environments. We welcome applicants with a strong security mindset coming from both Google and non-Google backgrounds.

Responsibilities

• Conduct security reviews of our products and production infrastructure.
• Contribute to vulnerability management, application security and/or offensive/red-team
• Design infrastructure and drive its implementation to protect Verily networks and systems.
• Engage in security audit and security regulatory exercises with Verily partners and vendors.
• Drive enterprise focused security improvements to Verily products and services.
• Build, procure and/or deploy security tools and processes for critical infrastructure protection, monitoring and remediation.

Qualifications

Minimum qualifications

• BA/BS degree in Computer Science, Engineering, Management Information Systems, or equivalent practical experience with 5 years of relevant industry experience in security.
• Background in one of the following: systems administration, devops, networking, or cloud security.
• Experience with one or more general purpose programming languages including but not limited to: Java, C/C++, C#, Objective C, Python, JavaScript, or Go.
• Experience with attacks and mitigation methods, working in two or more of the following: Network protocols and secure network design; Operating system internals and hardening (e.g. Windows, Linux, OS X, Android); Web application and browser security; Security assessments and penetration testing; Authentication and access control; Applied cryptography and security protocols; Security monitoring and intrusion detection, Incident response and forensics; Development of security tools, automation or frameworks.    

Preferred qualifications

• MS or PhD degree in Computer Science.
• 2 years of experience designing or review security best practices in embedded firmware, app development, or cloud computing environments (ex.AWS, GCP, Azure, AliCloud).
• 4 years of experience designing, implementing or testing software in Java, C/C++, C#, Objective C, Python, JavaScript, or Go,
  Experience in one or more of the following: threat modeling, incident/emergency response, OS hardening, vulnerability management, penetration testing, cryptographic concepts.network security, authentication, security protocols

#BD-1 #remote