About the position
Our Security team works to create and maintain the safest operating environment for Google's users and developers. Security Engineers work with network equipment and actively monitor our systems for attacks and intrusions. In this role, you will also work with software engineers to proactively identify and fix security flaws and vulnerabilities. The Product Security team is responsible for maintaining critical operations processes within the Chrome Security team, one of these being Security Reviews as part of the Chrome Launch Reviews process. As a Security Engineer, you will be working with Chrome Security and Chrome product and engineering stakeholders for maintaining and evolving Security Reviews process and evolving tooling to optimize reviews and reduce any friction points in the Security reviews process from request to review completion, as well as any coordination communications, such as pre-escalation communications. In this role, you will be working with the Product Security team to help maintain and coordinate updates and changes in existing automation and to build new tooling to further automate our vulnerability management and disclosure processes. You will gain knowledge of our security bug triage, vulnerability management, security fix release, and Vulnerability Reward Program (VRP) processes and working closely with the Product Security team on that and understanding requirements for existing and new tooling. Chrome is dedicated to building a better, more open web. We’re focused on making a better browser (on both desktop and mobile) to help users take advantage of all the web has to offer in a safe and secure way. Chrome is available across all major platforms — iOS, Android, Windows, Mac, Linux and Chrome OS. We also built Chrome as an open source project so the entire web ecosystem could benefit from the latest innovations in speed, simplicity and security.
Responsibilities
- Take ownership of the Security Reviews process, collaborating with security reviewers and the owners of the other Chrome launch approval bits (e.g., leadership, privacy, legal).
- Engage teams across Chrome to help ensure their features get the appropriate level of security attention, resulting in safe, on-time, launches.
- Maintain and improve review workflows and tooling, identify friction points and work to address them for the benefit of both the Feature teams and security reviewers.
- Generate metrics and maintain dashboards related to the security reviews process, to help ensure we are meeting our Service Level Objectives (SLOs) and other obligations.
- Devise and maintain security reviews documentation and communications, such as best practices, escalation related artifacts, and security policy.
Requirements
- Bachelor's degree or equivalent practical experience.
- 2 years of experience with security assessments or security design reviews or threat modeling.
- 2 years of experience with security engineering, computer and network security and security protocols.
- 2 years of coding experience in one or more general purpose languages.
Nice-to-haves
- Experience in security assessments, security research or vulnerability investigation, or incident response.
- Experience in developing tools.
Benefits
- 401k
- health_insurance
- dental_insurance
- vision_insurance
- life_insurance
- disability_insurance
- paid_holidays
- paid_volunteer_time
- tuition_reimbursement
- professional_development
- employee_stock_purchase_plan
- performance_bonus
- sign_on_bonus
- unlimited_pto
