Staff Security Engineer, AI Vulnerability Research
- linkCopy link
- emailEmail a friend
Minimum qualifications:
- Bachelor's degree or equivalent practical experience.
- 8 years of experience in security engineering.
- Experience in operational security risk assessments or vulnerability assessment.
Preferred qualifications:
- Experience in supporting security attack prevention, compliance audits and programs.
- Experience in one or more programming languages suitable for security research and prototyping (e.g., Python).
- Experience with security monitoring and analysis tools.
- Experience and interest in mentoring junior team members.
- Experience in offensive security and vulnerability research.
About the job
Our Security team works to create and maintain the safest operating environment for Google's users and developers. Security Engineers work with network equipment and actively monitor our systems for attacks and intrusions. In this role, you will also work with software engineers to proactively identify and fix security flaws and vulnerabilities.
Responsibilities
- Identify security vulnerabilities in Google's core AI and ML infrastructure through technical analysis, code review, design review, and fuzzing.
- Conduct vulnerability research into specific components and threat areas, such as model exfiltration vectors, tampering techniques, insecure input managing, or infrastructure abuse potential.
- Develop proof of concept exploits and tools to demonstrate the impact and exploitability of discovered vulnerabilities. Lead and participate in offensive security exercises (e.g., Orange Team, pen tests) against critical AI systems and infrastructure.
- Analyze complex system architectures and threat models related to AI development and deployment to identify systemic weaknesses and security gaps. Collaborate closely with AISS hardening engineers and ML infrastructure teams to design and validate effective mitigation for identified vulnerabilities.
- Document research findings, vulnerability details, exploitation techniques, and mitigation recommendations for technical audiences.
Information collected and processed as part of your Google Careers profile, and any job applications you choose to submit is subject to Google's Applicant and Candidate Privacy Policy.
Google is proud to be an equal opportunity and affirmative action employer. We are committed to building a workforce that is representative of the users we serve, creating a culture of belonging, and providing an equal employment opportunity regardless of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or related condition (including breastfeeding), expecting or parents-to-be, criminal histories consistent with legal requirements, or any other basis protected by law. See also Google's EEO Policy, Know your rights: workplace discrimination is illegal, Belonging at Google, and How we hire.
If you have a need that requires accommodation, please let us know by completing our Accommodations for Applicants form.
Google is a global company and, in order to facilitate efficient collaboration and communication globally, English proficiency is a requirement for all roles unless stated otherwise in the job posting.
To all recruitment agencies: Google does not accept agency resumes. Please do not forward resumes to our jobs alias, Google employees, or any other organization location. Google is not responsible for any fees related to unsolicited resumes.