Security Engineer, Cloud Red Team, Cloud Ciso

Google Google · Big Tech · Zürich, Switzerland +2

This role focuses on offensive security within Google Cloud, simulating real-world adversaries to identify and exploit vulnerabilities in Cloud products, services, and infrastructure. The Security Engineer will develop tools to support attacker goals, conduct threat modeling, and create reports on findings. The role requires experience in technical security, vulnerability assessment, and ethical hacking, with a preference for offensive security experience in a cloud environment and AI experience.

What you'd actually do

  1. Collaborate within a highly-skilled team to plan and execute attacks against Cloud’s products, services, and infrastructure, while building tools and infrastructure to support attacker goals.
  2. Identify vulnerabilities and attack vectors proactively within Cloud services, configurations, and related technologies.
  3. Engage in threat modeling exercises to identify potential attack paths and weaknesses in Cloud architectures and deployments.
  4. Develop realistic and relevant attack scenarios based on current threat intelligence and the specific Cloud environment being assessed.
  5. Create reports that capture the insights gained during an attack and present them to a variety of audiences

Skills

Required

  • technical security role
  • vulnerability assessments
  • vulnerability exploitation
  • security
  • ethical hacking
  • programming languages relevant to security and cloud automation (e.g., Python, Go, Bash)

Nice to have

  • offensive security experience (red teaming, vulnerability research, pen testing, etc - not just running tools) in Cloud environment
  • Artificial Intelligence
  • develop custom exploits
  • modify existing exploits
  • bypass security controls
  • clearly and concisely articulate complex technical findings, risks, and remediation strategies to both technical and non-technical audiences, both verbally and in writing

What the JD emphasized

  • security flaws
  • vulnerabilities
  • attack vectors
  • threat modeling
  • ethical hacking
  • offensive security experience
  • Artificial Intelligence