Security Engineer, Abuse and AI Vulnerability Rewards Program

Minimum qualifications:

• Bachelor's degree or equivalent practical experience.
• 2 years of coding experience in one or more general purpose languages.
• 2 years of experience with security engineering, computer and network security and security protocols.
• 2 years of experience with security assessments or security design reviews or threat modeling.

Preferred qualifications:

• 5 years of experience working in a security field such as application security, network security, or incident response.
• Experience with generative AI or similar AI/ML systems.
• Experience working in bug bounties.
• Excellent problem-solving and critical thinking skills with attention to detail in an ever-changing environment.

About the job:

Security is at the core of Google's design and development process: it is built into the DNA of our products. The same is true of our offices. You're an expert who shares our seriousness about security and our commitment to confidentiality. You'll collaborate with our Facilities Management team to create innovative security strategies, investigate breaches and create risk assessment plans for the future. You believe that providing effective security doesn't come at the expense of customer service - you will be our bodyguard (and our long lost pal).

The US base salary range for this full-time position is $141,000-$202,000 + bonus + equity + benefits. Our salary ranges are determined by role, level, and location. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.

Responsibilities:

• Assess the validity and severity of externally-reported security and abuse issues, including issues impacting GenAI products.
• Reproduce externally-reported security and abuse issues, capturing information required by the product teams to understand and resolve.
• Serve as a point of technical escalation for first-line triage team.
• Manage communication between researchers and product teams.
• Assess reported bugs critically to determine impact, and what, if any, reward should be issued to the researcher under VRP rules. Participate in the larger VRP community and engage in cross-team projects to improve the bug bounty experience for all reporters.