Senior Security Engineer, Cloud Red Team, Cloud Ciso

Google Google · Big Tech · Zürich, Switzerland +2

This role is for a Senior Security Engineer on the Cloud Red Team within Google's Cloud CISO organization. The primary responsibility is to simulate real-world adversaries to test and improve Google Cloud's detection and response capabilities against threats. This involves defining roadmaps, building tools, identifying vulnerabilities, participating in threat modeling, designing attack scenarios, and reporting findings. The role requires a strong technical security background with experience in vulnerability assessment, exploitation, and ethical hacking, preferably in a cloud environment.

What you'd actually do

  1. Define and maintain the roadmap for one of the programs within Cloud Red Team, while collaborating within a highly-skilled team to plan and execute attacks against Cloud’s products, services, and infrastructure.
  2. Build tools and infrastructure to support attacker goals, while identifying vulnerabilities and attack vectors across Cloud services, configurations, and related technologies.
  3. Participate in threat modeling exercises to identify potential attack paths and weaknesses in Cloud architectures and deployments.
  4. Design realistic and relevant attack scenarios based on current threat intelligence and the specific Cloud environment being assessed.
  5. Create reports that capture the insights gained during an attack and present them to a variety of audiences.

Skills

Required

  • Bachelor's degree or equivalent practical experience
  • 5 years of experience in a technical security role (e.g., security engineering, security research, DevSecOps, or incident response)
  • Experience with vulnerability assessments and vulnerability exploitation
  • Experience in security and ethical hacking

Nice to have

  • 3 years of offensive security experience (red teaming, vulnerability research, pen testing, etc - not just running tools) in Cloud environment
  • Experience with Artificial Intelligence
  • Ability to develop custom exploits, modify existing exploits, and bypass security controls
  • Fluency in programming languages relevant to security and cloud automation (e.g., Python, Go, Bash)
  • Being able to clearly and concisely articulate complex technical findings, risks, and remediation strategies to both technical and non-technical audiences, both verbally and in writing.

What the JD emphasized

  • 5 years of experience in a technical security role
  • Experience with vulnerability assessments and vulnerability exploitation
  • Experience in security and ethical hacking
  • 3 years of offensive security experience (red teaming, vulnerability research, pen testing, etc - not just running tools) in Cloud environment