In this role, you will join the Android Product Security Engineering (APSE) a cross-functional team tasked with ensuring Android is the most secure and defended operating system in the world, protecting the entire ecosystem of three billion devices. You will achieve this by collaborating with internal partners across Android Security, Development, and Partner Engineering, as well as stakeholders outside of Android such as Chrome, and engage with a vast network of external partners, including SoC manufacturers and telecom carriers. You will secure this ecosystem by leading the industry-defining Android Vulnerability Reward Program (VRP) and pioneering AI-driven security engineering projects to drive advanced vulnerability research and mitigation at scale.
As a Security Engineer, you will play a pivotal role in enhancing the Android ecosystem's security posture, focusing heavily on driving AI-powered security innovation alongside operational vulnerability response.
In this role, you will build AI/LLM-driven Security Engineering projects, rather than just streamlining existing pipelines, build and deploy cross-functional AI tooling designed to proactively scale in-depth Android vulnerability research and automate complex mitigation strategies, as these tools require deep domain expertise to build effectively, the engineer is expected to have a strong, foundational understanding of Android threat vectors and attack surfaces.
You will actively participate in the Android Vulnerability Reward Program (VRP) by participating in the triage rotations and engaging with the external researcher community. You will apply platform expertise to conduct comprehensive security research, respond to vulnerabilities in both pre-release and in-market Android products, and partner directly with feature teams to implement robust mitigation solutions.
Individual pay is determined by factors including job-related skills, experience, and relevant education or training.
US: $147000 - $211000 (USD) + 15% bonus target + equity + benefits
Learn more about benefits at Google.
Responsibilities
- Build cross-functional AI and Large Language Model (LLM) tooling to scale advanced vulnerability research, defensive engineering, and mitigation strategies across the organization.
- Participate in the Android and Device VRP program in analyzing and triaging incoming Vulnerabilities, working with cross-functional teams for vulnerability management and tool building, while proactively incorporating AI/LLMs into our VRP pipeline to improve efficiency.
- Conduct deep-dive security research into Android vulnerabilities and threat vectors, converting VRP reports into prioritized platform mitigation solutions and partner with Product/Feature teams to land them.
- Embed security by design through providing expert product security consultation and conducting comprehensive security design reviews for new Android features.
Qualifications
Minimum qualifications:
- Bachelor's degree or equivalent practical experience.
- 2 years of experience with security assessments, penetration testing, or vulnerability research on the Android platform or Android applications.
- 2 years of experience with security engineering, computer and network security and security protocols.
- 2 years of coding experience in one or more general purpose languages.
Preferred qualifications:
- Experience designing and building LLM-based agentic workflows, frameworks, or automation tools specifically targeted at vulnerability research and remediation.
- Direct experience participating in, triaging, or receiving rewards from high-impact Vulnerability Reward Programs (VRPs).
- Familiarity with Artificial Intelligence (AI) and Large Language Model (LLM) concepts, with a demonstrated interest in applying them to security domains.
- Proven track record in Android platform security research, as demonstrated by public CVEs, published whitepapers, or presentations at reputable security conferences (e.g., Black Hat, DEF CON, etc.).
- Foundational understanding of the Android operating system architecture, security model, and common attack surfaces.