There's no such thing as a "safe system" - only safer systems. Our Security team works to create and maintain the safest operating environment for Google's users and developers. As a Security Engineer, you help protect network boundaries, keep computer systems and network devices hardened against attacks and provide security services to protect highly sensitive data like passwords and customer information. Security Engineers work directly with network equipment and actively monitor our systems for attacks and intrusions. You also work with software engineers to proactively identify and fix security flaws and vulnerabilities.
You use your industry experience to own and drive the resolution of complex security incidents, policy questions and technical security issues.
In this role, you will deliver technical contributions to enterprise security projects focused on protecting Alphabet’s data from risks associated with first-party and third-party Artificial Intelligence (AI) products. You will be assisting Google teams with securing AI-related features and products, including assessment of enterprise security controls within Google’s own products. You will partner with the Enterprise Security AI (EntSec AI) team to define and validate the path that guides secure AI development and use across the company. You will be an individual contributor with an understanding of Google’s used production tech stacks. You will be able to draw security engineering knowledge including threat modeling, security assessments, access controls, and data protection, and adapt this knowledge to advise on mitigating risks due to increased AI use.
The Core team builds the technical foundation behind Google’s flagship products. We are owners and advocates for the underlying design elements, developer platforms, product components, and infrastructure at Google. These are the essential building blocks for excellent, safe, and coherent experiences for our users and drive the pace of innovation for every developer. We look across Google’s products to build central solutions, break down technical barriers and strengthen existing systems. As the Core team, we have a mandate and a unique opportunity to impact important technical decisions across the company.
Responsibilities
- Deliver quality security assessments and threat models for first-party and third-party AI agents, ensuring they adhere to established paths and enterprise security principles.
- Propose and validate technical guardrails to prevent unauthorized agentic AI actions and to inform the development of frameworks/solutions that support secure AI development.
- Use your subject-matter expertise to assist with escalations and remediation in collaboration with members of the team.
- Share expertise on agent security technologies and Google-specific security infrastructure with adjacent teams to improve cross-functional project collaboration.
Qualifications
Minimum qualifications:
- Bachelor's degree in Computer Science, a related technical field, or equivalent practical experience.
- 2 years of experience with security in attacks and mitigation methods.
- 2 years of experience with security engineering, computer and network security and security protocols.
- 2 years of experience with coding in one or more general purpose languages.
Preferred qualifications:
- Experience with developing threat models and performing technical security assessments of systems.
- Experience with commonplace industry security tools, security architecture (e.g., zero-trust BeyondCorp model), and processes for vulnerability management.
- Knowledge of the most-commonly used Open Source Software (OSS) and cloud-based production tech stacks.
- Ability to design and develop new security control implementations.
- Ability to produce quality engineering artifacts (e.g., design documents, code reviews, or risk assessments).