Security Engineer, Detection

  • Full Time
  • Sunnyvale, CA
  • Applications have closed


There’s no such thing as a “safe system” – only safer systems. Our Security team works to create and maintain the safest operating environment for Google’s users and developers. As a Security Engineer, you help protect network boundaries, keep computer systems and network devices hardened against attacks and provide security services to protect highly sensitive data like passwords and customer information. Security Engineers work hands-on with network equipment and actively monitor our systems for attacks and intrusions. You also work with software engineers to proactively identify and fix security flaws and vulnerabilities.

The Detection Team develops and maintains the signals, tools, and infrastructure that we use, constantly evolving them to match sophisticated attackers. As part of this team, you will be building advanced and novel detection mechanisms for attacker techniques tactics and procedures, developing systems to automate remediation, conducting threat hunting, and performing network and systems forensics, as well as malware and indicator analysis.

We are responsible for handling all malicious activity on Google’s networks. We perform deep analysis of threats on our corporate, production, and acquisition environments. This is the team at Google that hunts for and helps respond to advanced (APT) attackers and insider threats. Our goal is to build a fully automated detection and response machine – an automated SOC.

At Google, our users come first, and the Systems Infrastructure team is at the heart of that promise. We build the technologies that transform the way we think about doing business. Whether working on our cloud systems, researching the latest in computer technology or keeping Google’s internal systems humming, Googlers and users alike rely on us to keep things running. We’re back-end experts: protecting your privacy and ensuring your security.

Participate in a 24/7 global operation that looks after and responds to security events on Google’s networks.
Perform investigations on a wide variety of events from various sources to determine whether they pose a threat to Google.
Participate in large-scale security incidents.
Work with teams from around Google to discover new detection capabilities and logging sources.

Minimum qualifications:

Bachelor’s degree or equivalent practical experience.
Coding/scripting experience in one or more general purpose languages.
Experience analyzing the security of systems (penetration testing, Web Application security testing, vulnerability scanning, threat modeling, etc.).

Preferred qualifications:

3 years of relevant work experience, including experience in responding to security problems in target-rich environments, looking at security alerts, front-line analysis and response.
Programming experience in Python, C/C++, Java, or Go.
Demonstrated expertise with malware analysis, including investigations of botnet and root-kit behavior.
Expertise in spearheading analysis of large data sets and intrusion detection systems.
Demonstrated expertise with signals development, threat hunting, threat modeling